Dimension Data Finds Security Flaw In Cisco Network Devices
The Dimension Data study, the 2011 Network Barometer Report, examined the functionality and security of organizations' networks by evaluating configuration variances from best practices, potential security vulnerabilities and end-of-life status for network devices.
The report revealed that out of 270 total assessments, 73 percent of networking devices contain at least one security flaw that leaves them vulnerable to attack -- a statistic that was consistent across all organizations, regardless of size, industry vertical or geographic location.
In addition, Dimension's Technology Lifecycle Management assessment service, used to identify lifecycle status and security vulnerabilities, found that one particular flaw -- Cisco Product Security Incident Response Team (PSIRT) 10944, present in 66 percent of all Cisco devices -- was responsible for a significant jump in security flaws in 2009 and 2010.
The PSIRT vulnerability, detected by Cisco in September 2009, entailed a denial-of-service bug, which opened the door for hackers to execute attacks that prevented any new TCP connections from being established, as well as attacks designed to disrupt the network and shut down computer systems.
PSIRT 10944 ranked between 6.4 and 7.8 out of a total of 10 on Cisco's Common Vulnerability Scoring System. While not reaching the highest severity level of critical, the vulnerability still represents a high risk for businesses in light of the sheer number of affected Cisco devices used in the enterprise, according to the report.
Among other things, the study found that the PSIRT 10944 flaw was still pervasive, despite the fact that Cisco had issued a free patch for the flaw two years ago, suggesting that many organizations failed to keep up with security threats and fell well behind on patching.
"The prevalence of this (PSIRT 10944) security vulnerability suggests that for the majority of organizations, existing discovery and remediation processes are falling short of the mark," according to the study.
However, the number of Cisco PSIRT vulnerabilities seems to be declining, with a total of 45 found in 2010, down from 49 in 2009 and 50 in 2008.
In addition, the 2010 assessment results showed that the next four vulnerabilities were found in less than 20 percent of all devices, indicating that "organizations had been patching fairly well," the study said.
Dimension Data researchers maintained that the report was intended to create awareness and enhance organizations' security posture while underscoring the need for IT administrators to apply the latest security patches.
"For a hacker, a security vulnerability is tantamount to an unlocked door and the first port of call for initiating an attack. At its simplest, hacking into a network consists of discovering vulnerabilities and then creating an exploit (a program or set of instructions) that takes advantage of the vulnerabilities," according to the report's authors. "At the end of the day, it’s a good idea to find your vulnerabilities before hackers do, the most determined of which have an exemplary attitude towards vulnerability 'reconnaissance.'"