Cisco admits security gap

26 Apr 2000

Networking giant Cisco has confirmed a security flaw in some versions of its Catalyst local area network switching software which could allow hackers to change the switching configuration.

The problem will affect users of the Catalyst 4000, 5000, 5500, 6000 and 6500 ranges. Cisco admits there is no known way around the problem.

The bug in the 5.4(1) release permits unauthorised access to the 'enable' mode. Once initial entry is gained, higher-level functions can be accessed without a password.

"Anyone who can obtain ordinary console access to an affected switch can bypass password authentication to obtain 'enable' mode access without knowledge of the 'enable' password," the company said in an emergency security notice emailed to customers last week.

After several customers reported the issue, the firm is urging customers to upgrade to later versions of its software as soon as possible.

However, there have been no reports as yet of hackers exploiting this potential vulnerability.

Neil Barrett, technical director of security consultancy Information Risk Management, said that the flaw could leave networks wide open if uncorrected. "Leaving aside the obvious possibility of mounting denial of service attacks, it would be possible for people to use this to bypass monitoring stations," he said.

"It would also be feasible to introduce sniffing tools, which is normally difficult to do in switched environments," he added.
