Cisco urges software update to thwart counterfeit switches
Cisco is encouraging users of its popular Catalyst 2960X/2960XR switches to upgrade their IOS operating systems in an effort to combat counterfeiting.
Because of the pervasiveness of these switches on the gray market, it’s imperative that customers enable the latest software release – IOS release 15.2(7)E4 or later – to validate the authenticity, security, and performance of their Catalyst 2960X/2960XR 24/48 port Gigabit Ethernet switches, Cisco stated in a notice to customers.
Cisco uses a combination of security products – such as its Hardware Trust Anchor, Secure Unique Device Identifier (SUDI), digitally signed software images, and secure boot – to verify the authenticity of its equipment. These technologies run automated checks of hardware and software integrity and can shut down the boot process if a compromise is detected. The newer IOS includes this SUDI verification process and is based on public key infrastructure (PKI) and associated cryptography, Cisco stated.
The counterfeit warning comes as Cisco says it has seen an increase in gray market and counterfeit activity, likely due to industry-wide supply chain issues, according to Al Palladin, Cisco’s brand protection chief.
“Material shortages across the semiconductor industry, as well as logistics challenges, continue to impact supply chains globally, slowing output across multiple industries,” Palladin wrote in a recent blog. “This has resulted in extended lead-times across almost all products, and extended delivery dates.”
“Products sourced from outside Cisco’s authorized channels may not come with a valid Cisco warranty and license,” Palladin stated. “In addition, they may pass through many hands before they are delivered to you, making it possible that equipment and software have been altered to make them vulnerable to attack or premature failure.”
Supply chain issues are causing a backlog of orders across the networking industry. Arista stated earlier this year that some of the lead times on its sales are 50-70 weeks out. Cisco, in its most recent disclosure, said its current product backlog is nearly $14 billion. Juniper has reported more than $1.8 billion in backlog orders, and Extreme Networks said its total backlog is $425 million.
In addition to the counterfeit-related notice, Cisco has announced end-of-life dates for the Catalyst 2960X product family. The last day to order 2690X products is October 31, 2022. Customers should look to migrate to newer models such as the Catalyst 9200 family, Cisco stated. Customers may be able to use the Cisco Technology Migration Program (TMP) where applicable, the vendor stated.
READ MORE HERE