Cisco said at the time that "the Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory".
According to the advisory, the bug is found in the cluster management protocol code in Cisco's IOS and IOS XE software, which the company installs on the routers and switches it sells.
Cisco noted that it will release a software update for the affected switches in order to plug the security hole, but for the time being it recommends that users of the vulnerable switches disable Telnet as an allowed protocol for incoming connections and use only SSH instead. The security flaw was not among the problems highlighted by WikiLeaks; Cisco's security team discovered the problem themselves while digging through the "Vault 7" document trove. The affected products also include Embedded Service 2020 switches, SM-X Layer 2/3 EtherSwitch Service Module, and Cisco RF Gateway.
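The interim recommendation above, to disable Telnet for incoming connections and allow only SSH, can be checked against a saved device configuration. The following Python script is an added example, not from Cisco's advisory or this article; the sample configuration is constructed, the name `audit_vty_transport` is hypothetical, and flagging a vty block with no explicit `transport input` line for review is an assumption, since the default depends on the software release.

```python
import re

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname lab-switch
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_transport(config):
    """Map each 'line vty' block to (status, protocols).

    TELNET: 'transport input' allows telnet (explicitly or via 'all').
    OK:     'transport input' is set and does not allow telnet.
    REVIEW: no explicit 'transport input'; the default is release-dependent
            (assumption of this example), so a person should check it.
    """
    results, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if re.match(r"^line vty \d+(?: \d+)?$", line):
            current = line[len("line "):]
            results[current] = ("REVIEW", None)
            continue
        if not line.startswith(" "):
            current = None  # any non-indented line ends the current block
            continue
        m = re.match(r"^\s+transport input (.+)$", line)
        if current and m:
            protos = m.group(1).split()
            exposed = bool({"telnet", "all"} & set(protos))
            results[current] = ("TELNET" if exposed else "OK", protos)
    return results

if __name__ == "__main__":
    for block, (status, protos) in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"{block:12} {status:7} {' '.join(protos) if protos else '(not set)'}")
```

Blocks reported as `TELNET` or `REVIEW` are the ones to reconfigure or inspect so that only SSH is accepted on incoming connections.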
The advisory gives the cause as: "The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and the incorrect processing of malformed CMP-specific Telnet options".
The vulnerability can allow an attacker to remotely gain access and take over an affected device.
The American technology conglomerate combed through WikiLeaks' Vault 7 itself and found a bug in IOS (Internetwork Operating System) and IOS XE that affects over 300 of its switch models, The Register reported. The majority of affected devices are products in the company's Cisco Catalyst range of switches. In the Vault 7 documents, the members discuss various exploits and the vulnerabilities they target in products from Apple, Microsoft, Samsung, Cisco, and others.
"An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections". This isn't a full workaround as it requires network-level intervention and in many cases won't be possible for the customer.
Cisco too was stung by a separate release of classified hacking tools, said to have been developed by the National Security Agency, which left the company scrambling for a fix. There is no word on when the patches will be made available.