Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Cisco Issues Fresh Warning Over Counterfeit Switches

Cisco has issued a “field notice” to advise customers of its Catalyst 2960X/2960XR switches to upgrade the IOS software on their devices in order to ensure that they are not counterfeit.

Cisco has issued a “field notice” to advise customers of its Catalyst 2960X/2960XR switches to upgrade the IOS software on their devices in order to ensure that they are not counterfeit.

Due to their popularity, Cisco equipment is often replicated by counterfeiters, but these devices can introduce security vulnerabilities and the networking giant says they can cause “severe damage” to an organization’s network.

Counterfeit devices do not use Cisco hardware, but they still need to run genuine Cisco firmware, and the vendor has several mechanisms in place to detect device counterfeiting.

“In order to detect and mitigate device counterfeiting and malicious attacks on hardware and software, Cisco uses Hardware Trust Anchor, Secure Unique Device Identifier (SUDI), digitally signed software images, secure boot, and other multilayered security approaches to verify the authenticity and integrity of our solutions,” Cisco said in its latest notification. “These trustworthy technologies run automated checks of hardware and software integrity and can shut down the boot process if a compromise is detected.”

The company has advised customers using the Catalyst 2960X/2960XR switches to upgrade the IOS software to version 15.2(7)E4 or later to enable the SUDI verification. This should be done before the devices are added to the network to validate their authenticity.

“The illicit grey market for Cisco’s gear carries significant risk for customers who buy unauthorized secondhand, third-party, or even stolen networking gear. Cisco’s 2960X/2960XR switches have been a flagship product for many years, and subsequently have been diverted into the grey market,” Cisco said.

The company noted that, in addition to introducing security risks, counterfeit devices do not have a valid software license, they don’t come with a warranty, and they are not eligible for certain support plans.

Cisco has shared information on how counterfeit devices can be identified and provided detailed instructions for validating the SUDI feature on switches.

In 2020, F-Secure was called in by an IT company to conduct an analysis of a Cisco Catalyst 2960-X switch that turned out to be counterfeit. The client wanted F-Secure to determine whether the device had any backdoors.

While the researchers did not find any backdoor, they identified the exploit chain that allowed the device to work. It included exploitation of what appeared to be a previously unknown vulnerability to bypass Secure Boot restrictions.

In a blog post published a few months later in 2020, Cisco shared recommendations on how customers can recognize genuine devices, noting that counterfeit hardware and software had caused the IT industry an estimated $100 billion loss of revenue annually.

In 2021, Cisco filed a lawsuit against companies in Tennessee and China for producing counterfeit devices and selling them to organizations in the United States, including government agencies.

Related: Cisco Patches 11 High-Severity Vulnerabilities in Security Products

Related: Cisco Patches Critical Vulnerability in Wireless LAN Controller

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.