Old Cisco flaw found in two-thirds of devices: report

Around three-quarters of network devices carried at least one known security vulnerability while two-thirds carried a two-year-old flaw.

According to a Dimension Data report (pdf), 73 per cent of corporate network devices carried at least one known security vulnerability, almost double the 38 per cent recorded in 2009.

The survey of 270 global businesses also revealed that a Cisco product security incident response team (PSIRT) vulnerability (109444) identified in September 2009 was found in 66 per cent of all devices.

That flaw related to denial-of-service vulnerabilities in the transmission control protocol (TCP).

“By manipulating the state of TCP connections, an attacker could force a system that is under attack to maintain TCP connections for long periods of time, or indefinitely in some cases," Cisco said.

“With a sufficient number of open TCP connections, the attacker may be able to cause a system to consume internal buffer and memory resources, resulting in new TCP connections being denied access to a targeted port or an entire system.”

Dimension Data security solutions global general manager, Neil Campbell, said it is "hard to believe that" businesses "would knowingly expose themselves to this level of risk" given regulatory and policy pressures to protect data.

“The truth of the matter is that many organisations still don't have consistent and complete visibility of their technology estates."

Campbell said if the Cisco vulnerability was taken out of the equation, the next four vulnerabilities were found in fewer than 20 per cent of all devices.

This article originally appeared at scmagazineuk.com