Cisco Store Temporarily Closed After Malicious Code Discovery
Cisco has temporarily closed its branded merchandise online store after the discovery of malicious code that was stealing users’ data during the checkout process. The store, which sells clothing and accessories featuring the company logo, was attacked, allowing cybercriminals to inject JavaScript designed to harvest sensitive information.
It remains unclear how the malicious code was introduced to the site, though anonymous researchers believe the attack exploited the CosmicSting vulnerability (CVE-2024-34102), which affects the Adobe Commerce (Magento) platform. This vulnerability enables attackers to embed code into CMS blocks responsible for handling the checkout procedure.
Cisco stores across the U.S., Europe, and the Asia-Pacific region, including Japan and China, were offline at the time of writing. The malicious code was distributed from a domain that had been registered just two days before the issue became public knowledge. This suggests the attack likely took place over the previous weekend (August 31–September 1).
Experts discovered that the hidden JavaScript was capturing all the information entered by users during the purchase process, including credit card details, mailing addresses, phone numbers, email addresses, and login credentials.
Researchers consider CosmicSting a serious threat, as the vulnerability allows attackers to access confidential information through an XML external entity (XXE) attack. The primary goal of the perpetrators was to inject malicious code into HTML or JavaScript blocks displayed at the order completion stage.
While Cisco’s store is primarily used by employees to purchase souvenirs and gifts, the injected code could have compromised their accounts. However, according to a Cisco spokesperson, no employee data was lost.
Cisco has notified a limited number of users whose data may have been affected. The site remains offline as the company continues to investigate the incident and implements measures to mitigate the threat.