Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1099
Views
0
Helpful
2
Replies

Verify IOS MD5 Hash, Possible Compromised Switch

adonsius_artollo
Level 1
Level 1

‎05-15-2021 08:29 AM

I have a Cisco C2960 in production which was compromised. The switch has been pulled and I'm trying to determine if the IOS image was tampered with.

 

Since the switch is End-of-Life / End-of-Support, I'm unable to get from Cisco what the hash is to validate the authenticity of the image. I'm throwing a Hail Mary and hoping someone has the MD5 hash for the following image to verify against what I have.

 

Version 12.2(53)SE2

c2960-lanbasek9-mz.122-53.SE2.bin

 

Any help is highly appreciated, or if someone can direct me to where I may be able to find this info I will be forever indebted. 

 

Thanks,

Andres

Labels:
0 Helpful
2 Replies 2

marce1000
Hall of Fame
Hall of Fame

‎05-15-2021 08:45 AM

 

 - Perhaps you could just install this gold-starred release :

            https://software.cisco.com/download/home/281231709/type/280805680/release/12.2.55-SE12

 where you can still verify the md5sum from (as it is available for download).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎05-15-2021 05:17 PM

Do you have a Cisco SE/AM?  If you do, reach out to them.  Cisco PSIRT has published some references and procedures on what-to-do and what-to-collect if operators suspect a Cisco appliance has been compromised.  (I am unable to find that document.)

Another thing, describe the "compromise".  

My first guess is Smart Install (aka "vstack") was left enabled.

0 Helpful
Customers Also Viewed These Support Documents