In the period of December 2010 until August 2011, Cisco shipped
warranty CDs that contain a reference to a third-party website known to be a
malware repository. When the CD is opened with a web browser, it automatically
and without warning accesses this third-party website. Additionally, on
computers where the operating system is configured to automatically open
inserted media, the computer's default web browser will access the third-party
site when the CD is inserted, without requiring any further action by the
To the best of our knowledge, starting from December 2010 until the
time of this document's publication on August 3, 2011, customers were never in
a position to have their computer compromised by using the CDs provided by
Cisco. Additionally, the third-party site in question is currently inactive as
a malware repository, so customers are not in immediate danger of having their
computers compromised. However, if this third-party web site would become
active as a malware repository again, there is a potential that users could
infect their operating system by opening the CD with their web browser.
All warranty CDs printed with "Revision -F0" (or later) do not contain
references to the third-party website and do not introduce a potential to
compromise customers' computers.
This issue was reported to Cisco by William Haisch. Cisco appreciates
the opportunity to work with researchers on security vulnerabilities and
welcomes the opportunity to review and assist in product reports.