Cisco reports bug disclosed in WikiLeaks' Vault 7 CIA dump

More than 300 Borg switches carry critical IOS Telnet vuln the CIA knew about before Cisco


It looks like Cisco won't be chasing up a partnership with WikiLeaks: it's combing the "Vault7" documents itself, and has turned up an IOS / IOS XE bug in more than 300 of its switch models.

The vulnerability is in the Cisco Cluster Management Protocol (CMP) in IOS and IOS XE. The protocol passes around information about switch clusters using either Telnet or SSH.

The bug is in the default configuration of affected devices, even if the user doesn't have switch clusters configured, and can be exploited over either IPv4 or IPv6.

It's a two-fold bug: first, the protocol doesn't restrict CMP-specific Telnet to local communications, instead processing commands over “any Telnet connection to an affected device”; and second, malformed CMP-specific Telnet options are incorrectly processed.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device”, Cisco's advisory states.

The bug affects 264 Catalyst switches, as well as 51 industrial Ethernet switches and three other devices, if they're running IOS and configured to accept Telnet connections.

Until fixes are available, Cisco says Telnet should be disabled in favour of SSH.
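To check saved configurations against that advice, the following added example (not Cisco's or The Register's code) flags `line vty` stanzas that may still accept Telnet. The sample config is constructed, and treating a stanza with no `transport input` line as Telnet-permitting is a conservative assumption, since the default varies by software release.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname sw-access-01
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
line vty 16 31
 transport input ssh
!
end
"""
TELNET_OK = {"telnet", "all"}  # 'transport input' keywords that admit Telnet
NO_TRANSPORT = "no 'transport input' line; assuming the default permits telnet"

def audit_vty_telnet(config_text):
    """Return [(vty_range, reason)] for VTY stanzas that may accept Telnet."""
    findings = []
    current, transport = None, None  # open stanza and its transport keywords

    def close():
        # Evaluate the stanza that just ended, if there was one.
        if current is None:
            return
        if transport is None:
            # Assumption: an absent setting is reported, not trusted.
            findings.append((current, NO_TRANSPORT))
        elif TELNET_OK & set(transport):
            findings.append((current, "transport input " + " ".join(transport)))

    for line in config_text.splitlines():
        m = re.match(r"^line vty (\d+(?: \d+)?)\s*$", line)
        if m:                                   # a new VTY stanza starts
            close()
            current, transport = m.group(1), None
        elif current is not None and not line.startswith(" "):
            close()                             # unindented line ends the stanza
            current = None
        elif current is not None:
            t = re.match(r"^\s+transport input\s+(.+)$", line)
            if t:
                transport = t.group(1).split()
    close()
    return findings

if __name__ == "__main__":
    for vty, reason in audit_vty_telnet(SAMPLE_CONFIG):
        print(f"line vty {vty}: {reason}")
```

Every reported stanza should end up with `transport input ssh` before the device is considered to follow the interim advice.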

Cisco's advisory doesn't tell us if it's aware of exploits using the flaw. If they are discovered, this is very substantial news because The Reg expects there are tens of thousands, if not hundreds of thousands, of these devices installed around the world. And all look to have been at the CIA's mercy for an unknown period of time. ®
