Tag Archive for Cisco

What’s Up with the Cisco XE Vulnerability

If you are using Cisco (CSCO) switches or routers that run on IOS XE software, you may be at risk of a serious security breach. A vulnerability (CVE-2023-20198) affecting the web user interface (UI) of IOS XE software has been actively exploited by cyber threat actors to take control of affected devices. This vulnerability allows an attacker to send malicious HTTP requests to the web UI and execute arbitrary commands with elevated privileges.

What is the Cisco IOS XE Vulnerability?

The Cisco IOS XE vulnerability is a command injection vulnerability that affects the web UI feature of IOS XE software. CERT Orange Cyberdefense discovered more than 34,500 IOS XE IPs compromised by the 10/10 vulnerability. The web UI is a web-based management interface that allows users to configure and monitor Cisco devices through a web browser. Cisco’s web UI feature is enabled by default on the base image and can be enabled or disabled through the command-line interface (CLI).

The vulnerability exists because the web UI does not properly validate the user input in the HTTP requests. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to the web UI that contain malicious commands. These commands are then executed with root privileges on the underlying operating system. Root grants the attacker full control over the device.

The attacker does not need to authenticate to the web UI to exploit this vulnerability. What they need is access to the web UI through the network. This means that any device that has the web UI exposed to the internet or an untrusted network is vulnerable.

How Can This Vulnerability Impact Your Network?

The impact of this vulnerability depends on the role and configuration of the device in your network. An attacker who gains control of a Cisco device can use it to perform various malicious actions, such as:

  • Modify or delete the device configuration.
  • Install malware or backdoors on the device.
  • Redirect or intercept network traffic.
  • Launch attacks against other devices or networks.
  • Exfiltrate sensitive data from the device or network.

Depending on the device type and location, these actions can have serious consequences for your network. For example, an attacker who compromises a core switch or router can disrupt or manipulate the network traffic for a large segment of your network, affecting multiple services and users.

What Can You Do to Mitigate the Risk?

Cisco has released a patch for this vulnerability. However, Cisco has not patched some versions of IOS XE software. You can check if your device is affected and if there is a fixed version available by visiting the Cisco Security Advisory page. If there is a fixed version for your device, you should apply it as soon as possible.

However, if there is no fixed version for your device yet, or if you cannot apply it immediately, you should take some additional steps to protect your network from this vulnerability. Here are some recommendations:

  • Disable the web UI feature on your device if you do not need it. You can do this by using the `no ip http server` and `no ip http secure-server` commands in the CLI.
  • Restrict access to the web UI feature by using access control lists (ACLs) or firewall rules. You should only allow trusted IP addresses or networks to access the web UI. You should also block any unauthorized or external access.
  • Monitor your network for any suspicious activity. You should use network security tools such as intrusion detection systems (IDS), intrusion prevention systems (IPS), or security information and event management (SIEM) systems to detect and respond to any potential attacks.
  • Share any information or evidence related to this vulnerability with CISA and Cisco to help them investigate and mitigate this threat.

How Can You Check If Your Device Is Affected?

To check if your device is affected by this vulnerability, you need to verify two things: the version of IOS XE software running on your device, and the status of the web UI feature on your device.

Check the version. Check the version of IOS XE software running on your device by using the `show version` command in the CLI. You should compare the output with the list of affected and fixed versions provided by Cisco in the security advisory.

Check the status of the web UI. To do this, use the `show ip http server status` and `show ip http secure-server status` commands in the CLI. You should look for any output that indicates that the web UI feature is enabled or listening on any port.

If your device is running an affected version of IOS XE software and has the web UI feature enabled, you should consider it vulnerable and take immediate action to protect it.
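One way to run the web UI check and the ACL recommendation above across many saved configurations, as an added example that is not from the original post or from Cisco. It assumes each device's `show running-config` output has been saved as text; the hostnames, ACL names and addresses are constructed, and an `ip http access-class` that names an ACL missing from the config is treated as unrestricted.

```python
import re

# Constructed running-config excerpts (not taken from any real device).
SAMPLES = {
    "edge-rtr-01": """\
hostname edge-rtr-01
ip http server
ip http secure-server
""",
    "core-sw-02": """\
hostname core-sw-02
no ip http server
ip http secure-server
ip http access-class ipv4 MGMT-ONLY
ip access-list standard MGMT-ONLY
 permit 10.20.0.0 0.0.0.255
""",
    "lab-rtr-03": """\
hostname lab-rtr-03
no ip http server
no ip http secure-server
""",
    "branch-rtr-04": """\
hostname branch-rtr-04
ip http secure-server
ip http access-class ipv4 MISSING-ACL
""",
}

ACL_REF = re.compile(r"^ip http access-class (?:(?:ipv4|ipv6) )?(\S+)$")
ACL_DEF = re.compile(r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")


def audit_web_ui(config_text):
    """Classify web UI exposure as 'disabled', 'restricted' or 'exposed'."""
    listeners, acl_refs, acl_defs = [], [], set()
    for raw in config_text.splitlines():
        line = raw.rstrip()  # keep indentation so ACL entries are not read as commands
        if line == "ip http server":
            listeners.append("http")
        elif line == "ip http secure-server":
            listeners.append("https")
        elif m := ACL_REF.match(line):
            acl_refs.append(m.group(1))
        elif m := ACL_DEF.match(line):
            acl_defs.add(m.group(1) or m.group(2))
    if not listeners:
        verdict = "disabled"
    elif acl_refs and all(name in acl_defs for name in acl_refs):
        verdict = "restricted"
    else:
        # No access-class, or one naming an ACL absent from the config:
        # treated as reachable from anywhere (conservative assumption).
        verdict = "exposed"
    return {"listeners": listeners, "acls": acl_refs, "verdict": verdict}


if __name__ == "__main__":
    for host, cfg in SAMPLES.items():
        result = audit_web_ui(cfg)
        print(f"{host}: {result['verdict']} {result['listeners']} {result['acls']}")
```

A `restricted` verdict only confirms that a defined ACL is attached to the web UI; its entries still need review to confirm that only trusted networks are permitted.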

The vulnerability is evolving

On 10/18/2023 threat intelligencer Censys found over 40,000 vulnerable devices. On 10/21/2023 ONYPHE said its scanning found 1,214 unique compromised IP addresses. That is a 97% decrease nearly overnight. There are a number of possible explanations for the rapid decline. Some have argued that the attack is evolving. CERT Orange Cyberdefense speculated it is “a potential trace cleaning step is underway [by the threat actor] to hide the implant.”

rb-

The Cisco IOS XE vulnerability is a serious security issue that affects many Cisco devices running on IOS XE software. You should patch your device as soon as possible because the attackers are evolving the exploit. The ability to hide the exploit will make this a long-term problem on many networks.

 


 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Can Cisco be XaaS-y ?

It’s not news that these are unprecedented times. No one has seen anything like COVID-19 – or the global response to the virus – before. Many people worry about how this situation will evolve and how it will affect economies, careers, and personal bottom lines. The long-term economic fallout after the crisis passes is unknown. It’s possible it will be bad and last a couple of years. It may be shorter. There’s no way to tell.

The tightening of the purse strings has led tech prognosticator IDC to lower its 2020 ~~guess~~ forecast for the Ethernet switch and wireless LAN markets. The research firm expects the WLAN market to grow less than 1% from 2019, while the switch market will shrink 0.7%. The revised numbers represent a 3.7% point drop from IDC’s earlier 2020 forecast for Ethernet switches and a 4.8% point decline for WLAN revenue. In dollar terms, IDC says the switch market will reach $28.5 billion this year while WLAN revenue will be $6.2 billion.

To prove IDC’s point, Cisco (CSCO) just announced its ’20Q4 earnings report and it was not pretty. During the fourth fiscal quarter that ended June 30, the tech giant’s product revenue fell 13% year over year to $8.83 billion. After the presser, CSCO slid by more than 11% – the worst day since February 2011.

As an answer to declining revenue, Cisco CEO Chuck Robbins announced ~~layoffs~~ a restructuring plan was underway:

Over the next few quarters, we will be taking out over $1 billion on an annualized basis to reduce our cost structure.

The San Jose, CA-based company Cisco, which employs 75,000 people worldwide, did not say how many employees would be ~~laid off~~ restructured going forward. Cisco has been laying off employees over the past few quarters. CEO Robbins said on the earnings call that the COVID-19 pandemic has forced the company to “re-examine” its entire portfolio and nothing is off the table.

In theory, Cisco is using the restructuring to accelerate its R&D to focus on delivering everything it can as a service as it transitions to generating more of its revenues from software rather than hardware. In the last quarter, FierceTelecom reports that Cisco now generates half its revenue from software and services.

CRN reports that Cisco’s infrastructure segment, which includes the core switching and routing businesses as well as wireless and data center products, continued its double-digit decline, falling 16% during the quarter to $6.62 billion. Overall, this segment dropped 10% for the full year.

Revenue was down across all customer and geographic segments. In terms of customer segments, Cisco saw revenue decline in all segments:

  • Public sector fell by 1%,
  • Service provider was down 5%,
  • Enterprise declined 7%, and
  • Commercial tumbled 23%.

Regional sales also fell:

  • EMEA fell by 6%,
  • APJC was down 7%, and
  • Americas declined by 12%.

rb-

Besides COVID, other factors have stopped tech spending, including technology shifts into 5G cellular networks, 400-gigabit Ethernet, and WiFi 6. The fact is that Cisco wants to transition the majority of its portfolio to an as-a-service consumption model. Cloud expansion could support Cisco’s business. BUT– Cisco has never been a major player in the cloud. Their go-to-cloud story proves it.

Cisco’s first cloud strategy, the OpenStack-based InterCloud of 2014, was abandoned in 2016. Cisco’s next cloud strategy was to become the Switzerland of the cloud. This strategy was to work across multiple public and private cloud environments – to be a neutral player. It focused on management, security, analytics, and being Cisco – advanced networking. This Cisco Cloud phase has morphed again.

Cisco’s current approach to multi-cloud is network-centric and its centerpiece is an architecture called Application Centric Infrastructure (ACI) – which formerly only ran on Nexus devices. ACI focuses on policy, management, and operations for applications deployed across cloud environments. 

I’m sooo confused about the Cisco cloud story, are you?


 

Stay safe out there!


Mitel – Avaya Hook Up?

Updated August 28, 2019 – Rumors continue to swirl about the future of Avaya. Channel Partners is reporting there are 2 offers on the table. They cite reports from Bloomberg that Avaya is considering a bid by Mitel and Reuters is reporting that Avaya is considering an all-cash offer from private equity firm Clayton Dubilier & Rice.

Channel Partners speculates that the Mitel-Avaya deal would “…result in a company with a market share that would rival key industry players Cisco and Microsoft.”

Avaya buy-out rumors are back. Last month it was thought that a PE firm, possibly Searchlight Capital Partners was going to buy Avaya. The unknown private equity firm valued Avaya at more than $5 billion, including debt.

The newest report is that Ottawa-based Unified-Communications-as-a-Service provider Mitel is looking to acquire Avaya in an all-stock merger valued at between $2.2 billion and $2.4 billion, according to The Wall Street Journal.

The reported deal would value communications equipment and software provider Avaya at $20 to $22 per share, a premium based on its current stock price of about $18 per share on Monday 04/29/2019. If Avaya and Mitel are able to strike a deal, the merger could happen as soon as next month, the WSJ said, citing mysterious people familiar with the matter.

CRN says that the Avaya-Mitel deal could help the two companies compete against their larger UC competitors. Mitel typically plays well in the small to midsize market, while Avaya has a large install base of enterprise customers because of its legacy in the UC hardware arena.

Zeus Kerravala at NoJitter points out that the reported $2 billion purchase price doesn’t take into account Avaya’s roughly $3 billion in debt. With debt included, the offer would have to come in for a total enterprise value of $5 billion to be of interest to shareholders.

Mr. Kerravala believes that a successful merger between Avaya and Mitel would create a behemoth of a company, bringing the number two and number three voice vendors together. He cites Synergy Research Group data that shows Cisco (CSCO) the leader with about 44% market share, Avaya second at 10%, and Mitel third at 8%. He believes a combined Avaya and Mitel would hold the industry’s biggest installed base.

Synergy enterprise voice market share estimate

Source: Synergy Research Group

The merger would also be beneficial as the industry becomes more artificial intelligence (AI)-centric, data and scale are must-haves. Mr. Kerravala believes Avaya and Mitel are stronger together than apart on AI. That said, if a deal doesn’t happen, the companies should still be fine continuing down their current trajectories, optimizing their internal resources while leveraging partners for AI. They can still do this, although it would be easier as a bigger company.

An investment group led by private equity firm Searchlight Capital Partners acquired Mitel in April 2018 with a $2.6 billion deal that took the company private. Mitel has a history of growing via acquisitions. In 2017 the company completed the acquisition of competing UC provider ShoreTel for $530 million. The move helped Mitel become one of the largest UCaaS providers in the world. The company lost out on its deal to acquire videoconferencing provider Polycom in 2016 to Siris Capital Group.

rb-

This is just more of the same for Avaya. The crowning jewel in this deal is Avaya’s corporate call center business. Avaya’s call center business is the product of the acquisition of Nortel assets, after the Canadian networking giant’s bankruptcy in 2009.

This deal is really about the cloud. TechCrunch notes that Searchlight has a strategic stake in Rackspace, another legacy company that it took private for $4.3B in 2016.

Will Searchlight leverage its investments in Rackspace, Mitel, and now Avaya to build a cloud-based UCaaS juggernaut to take on the likes of Cisco, Microsoft, Slack, RingCentral, 8×8, even Google and Amazon?


Avaya LBO Buzz

Avaya is back in the news. Followers of the Bach Seat will recall that Avaya declared bankruptcy in 2017. Now the buzz is that the Santa Clara, California-based telecommunications equipment and software firm is considering a leveraged buyout offer.

Reports are circulating that Avaya’s (AVYA) board of directors is evaluating an offer from an unnamed private equity firm. Reportedly the offer values the Lucent spinoff at more than $20 per share, people in the know told Reuters. The private equity firm values Avaya at more than $5 billion, including $3.2 billion in debt.

Avaya is one of the world’s largest providers of telephony systems. It was spun off from Lucent Technologies Inc in 2000, which used to be part of AT&T (T). The LBO comes 15 months after Avaya emerged from bankruptcy protection, with an $8.3 billion debt legacy from a previous leveraged buyout by private equity firms TPG Capital and Silver Lake in 2007.

Avaya has tried to shift its revenue model to focus on cloud-based communications solutions with recurring software and subscription fees and not its traditional hardware business. Its legacy business is becoming more commoditized and dated. Much of Avaya’s new focus involves cloud services like unified communications as a service (UCaaS) and Contact Center as a Service (CCaaS). A new Device as a Service (DaaS) offering has also surfaced.

Avaya’s contact center business has also attracted acquisition interest in the past from private equity firms, including Clayton Dubilier & Rice LLC, Hellman & Friedman LLC, and Permira Advisers LLP. Hellman & Friedman and Permira own Genesys, an Avaya competitor.

As of September 2018, Avaya had about 8,100 employees worldwide, including 2,800 in the U.S.

Private equity firms have recently focused on communications businesses. Among those companies are Aspect Software, Mitel, and PGi, each privately held by such firms. Note, too, that Polycom had been a Siris Capital property until its recent acquisition by Plantronics.


Zix Buys AppRiver – Bolsters Email Security

Competition in the email security market is intense. Most of the major endpoint security companies, Barracuda, Cisco (CSCO), Fortinet (FTNT), Mimecast (MIME), and Proofpoint (PFPT), have moved into email security, emphasizing training services to mitigate rising phishing threats. Plus, Microsoft (MSFT) has pushed into email security services that wrap around its core business productivity software Office 365.

The global email security market is expected to reach $18 billion by 2023, expanding at 22% from 2016, this report asserts. This growth has drawn the attention of venture capitalists. The latest VC deal is unique in that the smaller company is buying the larger firm.

Publicly traded Zix (ZIXI) is acquiring AppRiver for $275 million in cash. Zix is a Dallas-based maker of email archiving and security products including ZixMail, which handles key management to provide end-to-end email encryption that protects messages and attachments.

AppRiver is a privately held Florida-based MSP-friendly cybersecurity and Microsoft Office 365 cloud solutions provider. AppRiver, founded in 2002, supports more than 60,000 companies globally in 2019.

Zix and AppRiver each have about 260 employees. As part of the M&A plan, Zix expects to generate about $8 million in cost synergies — which typically means that layoffs are coming. AppRiver CEO Michael Murdoch is exiting the combined firm. Zix CEO David Wagner would not rule out further job cuts.

CEO Wagner has lined up financial backers to help finance the AppRiver deal. Among the financial players are:

True Wind Capital will make a $100 million equity investment with the closing of the AppRiver acquisition.

SunTrust Bank and KeyBanc Capital Markets committed to a new five-year $175 million term loan and a $25 million revolving credit line.

The combined company, known as Zix, expects to generate roughly $200 – $207 million in annual recurring revenue in fiscal 2019, up 11% – 15% year over year. The deal is expected to close by March 31, 2019. By purchasing AppRiver, the new Zix will grow its channel from about 400 to 4,000 partners and its customer base will go from 20,000 to 60,000.

AppRiver is no stranger to acquisitions as it worked to position itself as a one-stop-shop for commercial cybersecurity services.

In October 2017, VC firm Marlin Equity Partners purchased a majority stake in AppRiver with the intention of expanding its global footprint.

In March 2018, AppRiver acquired Canadian company Roaring Penguin for its anti-spam and machine learning technologies. In October of 2018, AppRiver acquired Total Defense, a provider of subscription-based endpoint security for consumers and small businesses.

rb-

The last three places I have worked were AppRiver or Zix shops. It makes sense email is the gateway to the cloud for many firms. Email is mission-critical and complicated to secure so it gets moved to the cloud.

My experience with both firms was OK. We were an earlier adopter of hosted Exchange from AppRiver and then at a re-seller. In keeping with industry trends, my current employer moved from Zix as we moved to O365, maybe this deal is a year too late.

 
