Per Cisco: “The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.” There is no workaround; however, Cisco has released free software updates that address the vulnerability.
2 Important Take-Aways:
A free software update is available regardless of contract status. This is actually true for all of Cisco’s products. All OEMs are held to a higher standard regarding security. They are required to fix known security vulnerabilities for the protection of all businesses and commerce that have a web presence. If you are renewing SMARTnet just for the sake of IOS updates and the hardware is not within its first 18 months since release, let’s talk about alternatives.
I hate seeing Cisco test their products at the expense of their customers’ production environments. It’s always something. Without new features there would be no reason for customers to purchase new hardware, but how often are the new features really solving a problem that exists? Furthermore, how often do the new solutions actually work or deliver the promised value? I know it’s fun to have the latest and greatest, but I also know after 20 years of networking, and even in my own personal consumer purchases, that the euphoria of new is often short-lived. Have you ever wanted to use a product longer, or purchase a product that is no longer available? Of course you have. Older generation hardware exists in every network on this planet. Or, it will at some point. Why run from it? Embrace it!