Cisco Warns Of Malicious Firmware

Attackers are using rogue firmware to take over Cisco IOS networking devices, according to Cisco security bulletin.

1 Min Read
Network Computing logo

Cisco issued a security alert this week to warn customers that it's seen cases in which attackers are hijacking its networking devices using malicious firmware.

The number of attacks is limited, but the cases involve intruders replacing the Cisco IOS ROMMON with a malicious image to gain administrative or physical access to a Cisco IOS device. ROMMON, or ROM Monitor, is a program used to boot the Cisco IOS operating system on its switches and routers.

According to the Cisco security bulletin, attackers accessed the IOS devices using valid administrative credentials and then installed a malicious ROMMON by using the ROMMON field upgrade process.

"Once the malicious ROMMON was installed and the IOS device was rebooted, the attacker was able to manipulate device behavior. Utilizing a malicious ROMMON provides attackers an additional advantage because infection will persist through a reboot," Cisco said.

The attacks don't involve a product vulnerability -- the ability to install a ROMMON image on IOS devices is a standard management feature, the company said. Plus, the attacks require valid administrative credentials or physical access to the device, according to Cisco.

About the Author(s)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights