Last week, Cisco reported critical new zero-day vulnerabilities in devices running its IOS XE software. The advisory explains that a device can be exploited from the local network, or from the internet if it is exposed to the web. Once a device is exploited, the attacker can create accounts with the highest privilege level and take full control of the compromised device.

Although Open Systems’ SASE solutions don't rely on IOS XE, many of our customers may be affected. Cisco released patches on Sunday, October 22, and the preferred approach to mitigate this threat is to apply the patches to affected systems. Depending on the system and the specifics of the update, patching may require an outage to be scheduled. If organizations cannot quickly patch their systems, they should take the following recommended steps. 

  1. Disable the HTTP Server Feature: Organizations should promptly disable the HTTP Server feature on any internet-facing systems that may be vulnerable. This action will reduce the attack surface and prevent unauthorized access. 
  2. Utilize Cisco's Indicators of Compromise (IoCs): Cisco has provided IoCs to help organizations identify compromised devices in their environment. Checking devices against these IoCs is crucial for early detection and isolation of compromised devices, because patching alone does not remove an implant that was installed before the patch.
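The two steps above can be partly automated against a saved `show running-config`. The following script is an added example, not code from Open Systems or Cisco: it flags an active HTTP/HTTPS server and any privilege-15 local account the operator did not provision (the post notes that attackers create such accounts), and emits the IOS commands that turn the HTTP server off. The sample config and the `KNOWN_ACCOUNTS` set are constructed for illustration; the script audits configuration text only and does not replace Cisco's published IoC checks for an installed implant.

```python
"""Audit a Cisco IOS XE running-config for an enabled HTTP server and for
unexpected privilege-15 local accounts. Added example; the sample config
below is constructed, not captured from a real device."""
import re

# Constructed sample of what `show running-config` might return on an exposed
# device where an unknown high-privilege account has been added.
SAMPLE_CONFIG = """\
!
hostname edge-router-01
!
username netadmin privilege 15 secret 9 $9$REDACTED1
username svc_backup privilege 15 secret 9 $9$REDACTED2
!
ip http server
ip http secure-server
ip http authentication local
!
line vty 0 4
 transport input ssh
!
"""

# Accounts the organization knows it provisioned (assumption: maintained by
# the operator, e.g. exported from a CMDB or password vault).
KNOWN_ACCOUNTS = {"netadmin"}

# Active server lines start at column 0; a disabling "no ip http server"
# line starts with "no " and therefore does not match.
HTTP_SERVER_RE = re.compile(r"^ip http (secure-)?server\s*$", re.M)
PRIV15_USER_RE = re.compile(r"^username (\S+) privilege 15\b", re.M)


def http_server_enabled(config: str) -> list[str]:
    """Return the HTTP/HTTPS server lines that are currently enabled."""
    return [m.group(0).strip() for m in HTTP_SERVER_RE.finditer(config)]


def unexpected_priv15_accounts(config: str, known: set[str]) -> list[str]:
    """Privilege-15 usernames that are not in the operator's known set."""
    found = PRIV15_USER_RE.findall(config)
    return sorted(user for user in found if user not in known)


def audit(config: str, known: set[str]) -> dict:
    """Combine both checks into one findings dictionary."""
    findings = {
        "http_server_lines": http_server_enabled(config),
        "unexpected_priv15": unexpected_priv15_accounts(config, known),
    }
    findings["action_required"] = bool(
        findings["http_server_lines"] or findings["unexpected_priv15"]
    )
    return findings


def remediation_commands(findings: dict) -> list[str]:
    """IOS configuration-mode commands that disable whichever HTTP server
    variants the audit found enabled (standard IOS syntax)."""
    cmds = []
    if "ip http server" in findings["http_server_lines"]:
        cmds.append("no ip http server")
    if "ip http secure-server" in findings["http_server_lines"]:
        cmds.append("no ip http secure-server")
    return cmds


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG, KNOWN_ACCOUNTS)
    for key, value in result.items():
        print(f"{key}: {value}")
    for cmd in remediation_commands(result):
        print("remediate:", cmd)
```

Run it against a config file instead of the constructed sample by reading the file into `audit()`; any unexpected privilege-15 account should be treated as a sign of compromise and the device isolated, not merely cleaned up.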

These vulnerabilities serve as a stark reminder of why companies should strongly consider implementing Zero Trust Network Access (ZTNA) if they haven't already done so. ZTNA is a security framework that operates under the principle of zero trust, meaning no entity, whether internal or external, should be trusted by default. It enforces rigorous authentication and authorization for all users, devices, and applications attempting to access network resources. 

Looking at the details of the Cisco vulnerabilities, it becomes apparent that an enterprise would be significantly safer if they limited access to their HTTP servers with ZTNA. Here's why: 

  1. Protection from External Threats: The core issue with the vulnerabilities is that the IOS XE system is directly exposed to the internet, making it susceptible to attacks from external actors. ZTNA ensures that access to critical resources is not readily available to the entire internet, adding an essential layer of security. 
  2. Enforced Authentication: ZTNA enforces robust authentication mechanisms, ensuring that only authorized users gain access. This significantly reduces the risk of unauthorized exploitation.
  3. Multi-Factor Authentication (MFA): With ZTNA, organizations can enforce multi-factor authentication, adding an extra layer of security. Even if a malicious actor manages to steal a user's credentials, they will be blocked by MFA, which is much harder to bypass.

The recent Cisco vulnerabilities underscore the evolving threats that organizations face today. As the cybersecurity landscape continues to change, proactive measures such as ZTNA will play an increasingly vital role in protecting digital assets.