Cisco has issued a “field notice” to advise customers of its Catalyst 2960X/2960XR switches to upgrade the IOS software on their devices in order to ensure that they are not counterfeit.
Due to their popularity, Cisco equipment is often replicated by counterfeiters, but these devices can introduce security vulnerabilities and the networking giant says they can cause “severe damage” to an organization’s network.
Counterfeit devices do not use Cisco hardware, but they still need to run genuine Cisco firmware, and the vendor has several mechanisms in place to detect device counterfeiting.
“In order to detect and mitigate device counterfeiting and malicious attacks on hardware and software, Cisco uses Hardware Trust Anchor, Secure Unique Device Identifier (SUDI), digitally signed software images, secure boot, and other multilayered security approaches to verify the authenticity and integrity of our solutions,” Cisco said in its latest notification. “These trustworthy technologies run automated checks of hardware and software integrity and can shut down the boot process if a compromise is detected.”
The company has advised customers using the Catalyst 2960X/2960XR switches to upgrade the IOS software to version 15.2(7)E4 or later to enable the SUDI verification. This should be done before the devices are added to the network to validate their authenticity.
“The illicit grey market for Cisco’s gear carries significant risk for customers who buy unauthorized secondhand, third-party, or even stolen networking gear. Cisco’s 2960X/2960XR switches have been a flagship product for many years, and subsequently have been diverted into the grey market,” Cisco said.
The company noted that, in addition to introducing security risks, counterfeit devices do not have a valid software license, they don’t come with a warranty, and they are not eligible for certain support plans.
Cisco has shared information on how counterfeit devices can be identified and provided detailed instructions for validating the SUDI feature on switches.
In 2020, F-Secure was called in by an IT company to conduct an analysis of a Cisco Catalyst 2960-X switch that turned out to be counterfeit. The client wanted F-Secure to determine whether the device had any backdoors.
While the researchers did not find any backdoor, they identified the exploit chain that allowed the device to work. It included exploitation of what appeared to be a previously unknown vulnerability to bypass Secure Boot restrictions.
In a blog post published a few months later in 2020, Cisco shared recommendations on how customers can recognize genuine devices, noting that counterfeit hardware and software had caused the IT industry an estimated $100 billion loss of revenue annually.
In 2021, Cisco filed a lawsuit against companies in Tennessee and China for producing counterfeit devices and selling them to organizations in the United States, including government agencies.