Cisco has admitted that warranty CDs shipped out to customers over the past six months contained links to a known malware site.
According to a Cisco security advisory, warranty discs shipped between December last year and this month contained the links, which could have led to malware installation, although the company said it believes no customers were infected.
“Cisco shipped warranty CDs that contain a reference to a third-party website known to be a malware repository,” the company said. “When the CD is opened with a web browser, it automatically and without warning accesses this third-party website."
If this site became active as a malware repository again, there is a potential that users could infect their operating system
“On computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user.
The company said that "to the best of its knowledge" no-one had visited the sites via the CD.
“The third-party site in question is currently inactive as a malware repository, so customers are not in immediate danger of having their computers compromised,” the company said.
“However, if this site became active as a malware repository again, there is a potential that users could infect their operating system by opening the CD with their web browser.”
According to Cisco, customers should head to its site for the latest warranty information.