Cisco Says CIA Can Exploit 318 of Its Switches, Promises Fix


CrAKeN


 

Cisco discovers the CIA has a way to exploit its switches

 

Bad news coming from Cisco Systems. The company admitted that 318 models of switches it sells come with a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code with the purpose of taking full control of the devices. If this wasn't bad enough, the company says there's no fix for the problem. 

 

The discovery was made after the company analyzed a set of documents published by WikiLeaks two weeks ago in its massive Vault 7 reveal. The files are believed to come from the CIA, but there are concerns regarding the source of the leak.

 

The flaw, it seems, resides in the Cisco Cluster Management Protocol (CMP) and can be found in 318 switches. Remote attackers, such as the CIA, can execute code that runs with elevated privileges. The CMP uses the telnet protocol to deliver signals and commands on Internet networks.

 

"An attacker could exploit this vulnerability by sending malformed CMP-specific telnet options while establishing a telnet session with an affected Cisco device configured to accept telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device," reads the advisory.

 

The company further warns that vulnerable switches will process CMP-specific telnet options by default, even if there are no cluster configuration commands present on the device configuration.

 

A fix is coming


Cisco lists Catalyst switches as being affected the most by the problem, but also Industrial Ethernet switches and embedded services. The company is working on a fix, but there's no timeline for when it is going to land.

 

It should be noted, however, that according to Cisco, the vulnerability is only active when the affected devices are configured to accept incoming telnet connections. By changing this configuration, you can lower the risk of exploits until a fix is released for the problem.

 

Source
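
An added example, not part of the original post or of Cisco's advisory: a small audit that reads an IOS-style running-config and lists the vty lines that would still accept incoming telnet, which is the condition the article says must hold for the flaw to be reachable. The sample config is constructed, and treating a missing `transport input` line as telnet-enabled is an assumption, since the default differs between software releases.

```python
import re

# Constructed sample running-config fragment (not taken from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_telnet(config, default_allows_telnet=True):
    """Return [(vty_range, reason)] for vty stanzas that would accept telnet.

    default_allows_telnet is an assumption about the platform default used
    when a stanza carries no explicit 'transport input' line.
    """
    findings = []
    current, transports = None, None

    def flush():
        # Evaluate the stanza that just ended, if there was one.
        if current is None:
            return
        if transports is None:
            if default_allows_telnet:
                findings.append((current, "no explicit 'transport input'"))
        elif {"telnet", "all"} & set(transports):
            findings.append((current, "transport input " + " ".join(transports)))

    for raw in config.splitlines():
        line = raw.rstrip()
        if re.match(r"^line vty \d+( \d+)?$", line):
            flush()
            current, transports = line[len("line "):], None
        elif not line.startswith(" "):      # any top-level line ends the stanza
            flush()
            current, transports = None, None
        elif current is not None:
            m = re.match(r"^\s+transport input (.+)$", line)
            if m:
                transports = m.group(1).split()
    flush()
    return findings
```

Stanzas set to `transport input ssh` or `transport input none` are not reported; anything listing `telnet` or `all` is.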
