Cisco Discoverers Networking Switch Bug In WikiLeaks’s Vault 7 Data Leak

The bug allows for unauthorised code execution on 318 of Cisco’s switch models

Cisco has discovered a security flaw in 318 of its networking switch models after the company analysed the Vault 7 documents released by WikiLeaks.

The flaw, which was known to the CIA, could enable an attacker to remotely execute arbitrary code on the affected switches or trigger them to be reloaded.

The security vulnerability stems from the Cisco Cluster Management Protocol (CMP) in the company’s IOS and IOS XE multitasking operating systems used for managing functions such as routing, switching, networking and telecommunications in its network switches and routers.

As CMP passes around data using the Telnet or SSH networking protocols, the bug could allow attackers to exploit affected devices using the IPv4 or IPv6 internetworking protocols.

Switch security flaw

bug-flaw-patchThe vulnerability has presents two main dangers, the first being that it does not restrict CMP-specific Telnet to local connections, rather allows the processing on commands over ant established Telnet connection. The second is that malformed CMP-specific Telnet functionality are incorrectly processed leading to the potential to execute code remotely.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” Cisco’s advisory explained.

Seizing control of switches could enable hackers to wreak havoc on a company’s networking infrastructure.

Cisco noted that it will release a software update for the affected switches in order to plug the security hole, but for the time being it recommends users of the vulnerable switches disable Telnet as an allowed protocol for incoming connections and make use of just SSH instead.

“Customers unable or unwilling to disable the Telnet protocol can reduce the attack surface by implementing infrastructure access control lists (iACLs),” Cisco noted.

The company has yet to reveal any data or examples indicating that the bug has been exploited out in the wild, but given the CIA’s knowledge of the flaw for an undetermined amount of time, it would not take too much of a leap in imagination to be left with the idea that the US agency may have exploited the flaw to commit cyber espionage.

Given the widespread use of Cisco switches in enterprises, the vulnerability appears to be fairly serious even though it is limited to only working through Telnet connections.

Do you know all about security? Try our quiz!