Recommendations to Mitigate Unauthorized Cisco® ROMMON Access and Validate Boot ROMs

Abstract: New attack methods have been observed targeting networking devices running Cisco Internetwork Operating System (IOS)® Classic platforms. Adversaries access the device with valid administrative credentials and then upload malicious code. Compromised devices are used to establish persistence and manipulate device behavior. Refer to the Cisco® Security Activity Bulletin for additional threat information. This Information Assurance Advisory includes recommendations and procedures to identify the loaded ROM image and recover with a trusted ROM image, improving assurance in the device.

Date Published:

Last Reviewed: 14 July 2016

Identifier: IAA-U-OO-802097-16

Creator: Vulnerability Solutions

Dissemination Control: N/A

Length: 4 page(s)

Type: Advisory/Alert; IA Technical Advisory

Tags: Advisory; Cisco; Mitigations; Network; Network Access Control; Operating Systems - OS