Published in Network

Cisco WANs hit by expired security certificate

by on11 May 2023


Don't turn it off and then turn it on again

Cisco's wide-area network customers have been hit with the fall out of the company having an expired security certificate and turning the equipment off and back on again makes matters worse.

Customers using vEdge SD-WAN appliances started experiencing a complete loss of service if their device was reloaded, updated, or when new templates were pushed.

The problem was caused by a cryptographic certificate, affecting the SD-WAN appliance's control plane which went into the underworld on 9 May.

“If left unaddressed, this could impact data plane connections and result in SD-WAN downtime,” Cisco said. 

The expiry could trigger networks using Cisco’s Viptela SD-WAN products for communication between their satellite offices, headquarters, and datacentres. While 

"All vEdge based SD-WAN customers are sitting on a time bomb, watching the clock with sweaty palms, waiting for their companies' WAN to implode and/or figuring out how to re-architect their WAN to maintain connectivity,"  one user moaned.

In addition to service disruptions, Cisco said organisations could experience:

  • Loss of connections to vSmart and/or vManage
  • Port-hopping tiggered
  • Control policy changes down 
  • Interface flapping
  • Sweaty palms

As of publication, it appears Cisco has released a patch resolving the issue.

Danial Dib, a senior network architect at Cisco, shared a link to a software update for Cisco customers to address the disruption and said additional updates would be rolling out soon.

 

Last modified on 11 May 2023
Rate this item
(0 votes)

Read more about: