Since the end of March, Cisco has been forced to respond to or announce six different security flaws -- more than one a week on average.
The trouble began when at the end of March the Italian hackers posted code that exploits multiple vulnerabilities in Cisco's Internet Operating System (IOS). While many of those security holes had already been identified and fixed, the incident did raise awareness about how disruptive such attacks could be.
Unfortunately for the networking market leader, that was only the beginning. Problems emerged with Cisco's wireless gear when the company announced that a preset password in its Wireless LAN Solution Engine (WLSE) could potentially allow anyone who knew that password to gain control of a company's Wi-Fi network. That was followed by a security expert's release of a tool that exploited vulnerabilities with Cisco's proprietary Lightweight Extensible Authentication Protocol (LEAP).
Cisco has also announced vulnerabilities with its Catalyst 6500 line of switches that opens them up to denial of service attacks as well as a vulnerability in the IOS that was introduced through upgrades. Cisco was also forced to respond to reported flaws with Transmission Control Protocol (TCP) that affect all network vendors.
Zeus Kerravala, a Vice President with the Boston, Mass.-based research firm Yankee Group, said that while Cisco has had a tough month, it is likely an unfortunate coincidence that so many security flaws have come to light in such a short period of time. Because of Cisco's huge market share the company is likely to be a target of hackers much like Microsoft is. However, Kerravala said, Cisco has been good at identifying problems before businesses fall prey to attacks.
Kerravala said that businesses should be sure to apply patches and fixes to Cisco's equipment as it becomes available.
Have you had security problems with Cisco? E-mail us and let us know.