Cisco Issues Critical Advisory After Vault7 Disclosure
Cisco has issued a critical security advisory detailing a vulnerability affecting over 300 of its switch models, which it found after analyzing the “Vault7” release of CIA exploits.
The network giant explained on Friday that the flaw could allow a remote attacker to take control of an affected device.
The bug affects Cisco IOS and IOS XE software and exists in the Cluster Management Protocol (CMP), which typically uses Telnet for inter-cluster communications and commands.
Cisco explained it as follows:
“The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and the incorrect processing of malformed CMP-specific Telnet options.”
A remote attacker could therefore exploit the two-fold bug to execute arbitrary code, gaining full control over a device or causing it to reload.
The list of affected products is huge, covering 264 Catalyst switches, 51 industrial Ethernet switches, the Cisco RF Gateway 10, SM-X Layer 2/3 EtherSwitch Service Module and more.
There are no current workarounds for the flaw and Cisco is recommending affected users disable Telnet for incoming connections and instead use SSH.
“Customers unable or unwilling to disable the Telnet protocol can reduce the attack surface by implementing infrastructure access control lists (iACLs),” it added.
The firm also recommended customers use its IOS Software Checker tool in order to determine their exposure to any IOS vulnerabilities.
It will be releasing security updates to fix the issue but there’s no further information on when.
The bug was discovered after Cisco analyzed info released by WikiLeaks relating to a trove of CIA-developed zero-day exploits, dubbed “Vault7”.
If true, it means the agency might have been actively exploiting the vulnerability to attack and/or monitor targets.
WikiLeaks founder Julian Assange claimed last weekend that certain tech firms affected by the leak are dragging their heels over co-operation with the non-profit because of a conflict of interest with their government clients.
Source: Information Security Magazine