
T-685: Cisco Warranty CD May Load Malware From a Remote Site

August 5, 2011 - 3:26pm



A vulnerability was reported in the Cisco Warranty CDs. A remote user may be able to cause arbitrary code to be executed on the target user's system.


Cisco Warranty CD - From December 2010 until August 2011


Cisco Warranty CD May Load Malware From a Remote Site.

Reference Links:

SecurityTracker Alert ID: 1025883
Cisco Document ID: 113091




Note: CDs shipped prior to August 2011 do not contain revision information (such as "-D0" and "-E0" as listed in the preceding table of affected part numbers).

Although there are no distinguishable markings on the CDs, all warranty CDs shipped in the period of December 2010 through August 2011 do contain a reference to the third-party site.
Warranty CDs shipped in August 2011 will have their revision designator printed on them in the form "Revision -X0", where X is a letter denoting the CD revision. Warranty CDs with the revision "-F0" or later do not contain a reference to the third-party website.


In the period of December 2010 until August 2011, Cisco shipped warranty CDs that contain a reference to a third-party website known to be a malware repository.

When the CD is opened with a web browser, it automatically and without warning accesses this third-party website. Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user. To the best of our knowledge, starting from December 2010 until the time of this document's publication on August 3, 2011, customers were never in a position to have their computer compromised by using the CDs provided by Cisco. Additionally, the third-party site in question is currently inactive as a malware repository, so customers are not in immediate danger of having their computers compromised. However, if this third-party website were to become active as a malware repository again, users could potentially infect their operating system by opening the CD with their web browser.

All warranty CDs printed with "Revision -F0" (or later) do not contain references to the third-party website and do not introduce a potential to compromise customers' computers.
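The behaviour described above (HTML on the CD that makes the browser contact a remote host with no user action) can be checked for on any piece of media before it is opened. The following is an added example, not code from Cisco or from this bulletin; it generalizes to any auto-loaded remote reference in HTML files, and the host names `third-party.example` and `vendor.example` are constructed placeholders.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs a browser fetches on page load, with no click needed.
AUTO_LOAD = {"script": "src", "iframe": "src", "frame": "src", "img": "src",
             "embed": "src", "object": "data", "link": "href"}

def is_remote(url):
    """True for http(s)://host/... and //host/... ; False for relative paths."""
    return bool(urlparse(url.strip()).netloc)

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        url = attrs.get(AUTO_LOAD.get(tag, ""), "")
        # <meta http-equiv="refresh" content="0; url=..."> redirects unprompted
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            url = attrs.get("content", "").partition("=")[2].strip(" '\"")
        if is_remote(url):
            self.hits.append((self.getpos()[0], tag, url))

def scan_html(text):
    finder = RemoteRefFinder()
    finder.feed(text)
    return finder.hits

def scan_media(root):
    """Walk a mounted CD (or a copy of it) and map file path -> hits."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith((".htm", ".html")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_html(fh.read())
                if hits:
                    findings[path] = hits
    return findings

# Constructed sample page; third-party.example is a placeholder host.
SAMPLE = """<html><head><script src="js/menu.js"></script></head><body>
<a href="http://vendor.example/support">Support</a>
<iframe src="http://third-party.example/x" width="0" height="0"></iframe>
</body></html>"""
```

Ordinary links (`<a href>`) are not reported because they require a click; only references the browser resolves on its own are flagged.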

