That’s a bug, not a feature, so Cisco urges patching to protect its IP and carriers’ networks
Cisco is asking service providers using its Universal Small Cell kit to install a patch, because as it now stands, the devices’ firmware could be copied by an outsider.
As the Borg’s advisory puts it, the bug “could allow an unauthenticated, remote attacker to retrieve firmware from a Cisco-hosted binary server”.
The firmware retrieval process is supposed to be restricted to Universal Small Cell devices, but Cisco explains that the binary server wasn’t properly enforcing the two-way certificate validation process.
If someone has retrieved a valid key from a Universal Small Cell device, they could decrypt the binary images, and also get access to the service provider configuration hints file.
The hints file also exposes information that service providers would probably prefer kept secret, since it exposes the IP addresses provisioned in the provider’s radio access network management system.
It’s also the kind of leak that could be exploited by ne’er-do-wells wanting to run up knock-offs of the Universal Small Cells. ®
Building secure multi-factor authentication