CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Cisco Issues Fresh Warning Over Counterfeit Switches

Cisco has issued a “field notice” to advise customers of its Catalyst 2960X/2960XR switches to upgrade the IOS software on their devices in order to ensure that they are not counterfeit.

Cisco has issued a “field notice” to advise customers of its Catalyst 2960X/2960XR switches to upgrade the IOS software on their devices in order to ensure that they are not counterfeit.

Due to their popularity, Cisco equipment is often replicated by counterfeiters, but these devices can introduce security vulnerabilities and the networking giant says they can cause “severe damage” to an organization’s network.

Counterfeit devices do not use Cisco hardware, but they still need to run genuine Cisco firmware, and the vendor has several mechanisms in place to detect device counterfeiting.

“In order to detect and mitigate device counterfeiting and malicious attacks on hardware and software, Cisco uses Hardware Trust Anchor, Secure Unique Device Identifier (SUDI), digitally signed software images, secure boot, and other multilayered security approaches to verify the authenticity and integrity of our solutions,” Cisco said in its latest notification. “These trustworthy technologies run automated checks of hardware and software integrity and can shut down the boot process if a compromise is detected.”

The company has advised customers using the Catalyst 2960X/2960XR switches to upgrade the IOS software to version 15.2(7)E4 or later to enable the SUDI verification. This should be done before the devices are added to the network to validate their authenticity.

“The illicit grey market for Cisco’s gear carries significant risk for customers who buy unauthorized secondhand, third-party, or even stolen networking gear. Cisco’s 2960X/2960XR switches have been a flagship product for many years, and subsequently have been diverted into the grey market,” Cisco said.

The company noted that, in addition to introducing security risks, counterfeit devices do not have a valid software license, they don’t come with a warranty, and they are not eligible for certain support plans.

Cisco has shared information on how counterfeit devices can be identified and provided detailed instructions for validating the SUDI feature on switches.

Advertisement. Scroll to continue reading.

In 2020, F-Secure was called in by an IT company to conduct an analysis of a Cisco Catalyst 2960-X switch that turned out to be counterfeit. The client wanted F-Secure to determine whether the device had any backdoors.

While the researchers did not find any backdoor, they identified the exploit chain that allowed the device to work. It included exploitation of what appeared to be a previously unknown vulnerability to bypass Secure Boot restrictions.

In a blog post published a few months later in 2020, Cisco shared recommendations on how customers can recognize genuine devices, noting that counterfeit hardware and software had caused the IT industry an estimated $100 billion loss of revenue annually.

In 2021, Cisco filed a lawsuit against companies in Tennessee and China for producing counterfeit devices and selling them to organizations in the United States, including government agencies.

Related: Cisco Patches 11 High-Severity Vulnerabilities in Security Products

Related: Cisco Patches Critical Vulnerability in Wireless LAN Controller

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.