Rapid response to critical vulnerability in Cisco hardware
5 June 2023
On 22 May 2023, the BSI issued a warning about critical vulnerabilities in network switches from the manufacturer Cisco (https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-231640-1031.pdf). These give unauthenticated users (attackers) within the network segment access to the switch’s web management interface, via which they could execute arbitrary code with administrative rights on the device. The risk of serious consequences for network security was high.
Quick action and danger averted
Since KISTERS control system support is also responsible for the network hardware under the maintenance contracts, quick action was required to remedy the vulnerability and minimise the risk: within a few hours, our colleagues checked the report, classified the danger, derived appropriate measures, identified the affected customers and informed them.
It was soon clear that the affected switches could be protected against unauthorised access by updating the firmware and/or by stricter parameterisation. After this inventory, our support team coordinated, created tickets for the affected customers and implemented the appropriate measures in close consultation with the customers. Within a very short time, many networks were already secured, and others followed within two to three days. We prevented serious consequences with our quick action.
Recommendations for clients
This process only worked so quickly and smoothly because we had defined it in advance, everyone knew what they had to do, and everyone involved worked hand in hand. Our clients are also an important part of the process. Together, we are most successful in identifying and eliminating weaknesses as quickly as possible.
We would like to give you a few more recommendations:
- Please use our service portal as your first source of information. There you will find information about the security vulnerabilities known to us and the corresponding measures.
- You have the option to set up your maintenance contract so that it also includes monitoring and updating the hardware components in your network.
- Importantly, the highest level of security comes from processes that are actually practised: stay attentive, sensitise and train your teams, give IT security high priority in your company, etc.