Cisco Merchandise Store Compromised by Hackers Using Malicious JavaScript
September 4, 2024
Cisco's online merchandise store, which sells company-themed items, has been compromised by hackers who injected malicious JavaScript code into the site. This code was designed to steal sensitive customer details during the checkout process. The exact method by which the malicious JavaScript was introduced to Cisco's store remains unknown, but anonymous researchers suggest it appears to be a CosmicSting attack (CVE-2024-34102).
The Cisco Merchandise Store, a gift shop that offers Cisco-branded items such as apparel and accessories, is currently offline and undergoing maintenance. The Cisco stores for the U.S., Europe, and the Asia Pacific, Japan and China (APJC) region are all unavailable at this time.
The malicious JavaScript was delivered from the domain rextension.[net], which was registered on August 30, just two days prior to the discovery of the attack. This suggests the breach likely occurred over the weekend. The script is heavily obfuscated and designed to collect data entered during the checkout process, including all required credit card details for online payments.
Further analysis of the deobfuscated script revealed that it is also capable of stealing additional information such as postal addresses, phone numbers, email addresses, and user login credentials. The researchers who discovered the attack believe the threat actor likely exploited the CosmicSting vulnerability (CVE-2024-34102) to insert the malicious JavaScript into Cisco's store.
CosmicSting is a severe security flaw affecting the Adobe Commerce (Magento) shopping platform. It is an XML external entity injection (XXE) vulnerability that enables an attacker to access private data. In a CosmicSting attack, the attacker's goal is to inject HTML or JavaScript code into CMS blocks that are rendered in the checkout process, as explained by Willem de Groot, founder and architect at Sansec.
While the Cisco store is predominantly used by employees purchasing merchandise for personal use or as gifts, the malicious script could potentially allow the attackers to collect Cisco employee credentials. Cisco was contacted for comments regarding the attack, but no response had been received at the time of publishing.
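As an added example (not code from Cisco, Sansec or the researchers), the following Python sketch audits exported CMS block HTML for the kind of injected markup described above: scripts loaded from hosts outside an allow-list, inline scripts, and inline event handlers. The allow-list, block identifiers and sample HTML are constructed assumptions; how block content is exported from the store is left to the operator.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"store.example", "js.payments.example"}  # assumed allow-list

class BlockAudit(HTMLParser):
    """Record script-bearing markup in one CMS block, in document order."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.findings, self._inline = allowed, [], None
    def handle_starttag(self, tag, attrs):
        for name, _ in attrs:
            if name.startswith("on"):  # event handlers: onload=, onerror=, ...
                self.findings.append(("inline-handler", f"{tag} {name}"))
        if tag == "script":
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None  # None: same-origin path
            if src is None:
                self._inline = []  # inline code: buffer it until </script>
            elif host and host not in self.allowed:
                self.findings.append(("external-script", host))
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            code = "".join(self._inline).strip()
            if code:
                self.findings.append(("inline-script", code[:60]))
            self._inline = None

def audit_block(html, allowed=ALLOWED_HOSTS):
    """Return (kind, detail) findings for one block's HTML."""
    parser = BlockAudit(allowed)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample of exported CMS block content (identifier -> HTML).
BLOCKS = {
    "checkout_help": '<script src="/static/help.js"></script>'
                     '<script src="//js.payments.example/v3.js"></script>',
    "checkout_footer": '<p>Free shipping</p>'
                       '<script src="https://CDN-metrics.example/a.js"></script>',
    "cart_banner": '<img src="/b.png" onerror="load()"><script>init()</script>',
}

for block_id, block_html in BLOCKS.items():
    print(block_id, audit_block(block_html) or "clean")
```

Any finding in a block that is rendered during checkout is worth comparing against the last known-good copy of that block, since legitimate content there rarely changes.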