IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cisco discloses Vault 7 vulnerabilities

Internal analysis seems to have identified bug revealed by WikiLeaks

Hacking Hacker Security

Cisco has identified a major vulnerability in its Cluster Management Protocol (CMP), which formed part of the WikiLeaks "Vault 7" document cache.

On 7 March, Omar Santos, principal engineer at Cisco's product security incident response team, published a blog post acknowledging that Cisco devices were among those allegedly targeted by the CIA.

At that time, little was known about the actual method of attack, other than it was a type of malware targeting multiple devices, including routers and switches, which allowed for the attacker to carry out data collection and exfiltration, HTML traffic redirection, DNS poisoning and other malicious actions.

Further analysis of the documents, though, has now enabled the company to identify what it thinks is the vulnerability in question.

In an update to the blog post, Santos said: "Based on the "Vault 7" public disclosure, Cisco launched an investigation into the products that could potentially be impacted by these and similar exploits and vulnerabilities.

"As part of the internal investigation of our own products and the publicly available information, Cisco security researchers found a vulnerability in the Cluster Management Protocol code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges."

In a security advisory, the company explained that the vulnerability, which affects scores of devices, is due to the fact the Cluster Management Protocol (CMP) uses Telnet internally.

According to the company, there are two factors that combine to create the problem:

  • A failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process them over any Telnet connection to an affected device;
  • Incorrect processing of malformed CMP-specific Telnet options

"An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device," the company explained.

Unfortunately there is, for now, no patch or workaround per se. Cisco has advised users that disabling the Telnet protocol for incoming connections and using SSH would mitigate the risk. This is the approach recommended by the company.

Cisco does recognise, however, that this approach may not be acceptable to all, or indeed may be impossible for some. In this case, the company advises implementing infrastructure access control lists.

The advisory, including a list of all affected deviced, can be found in full here.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Cisco to exit Russia, Belarus in business wind-down
Business operations

Cisco to exit Russia, Belarus in business wind-down

24 Jun 2022
WAN Insights is Cisco’s first foray into predictive network intelligence
Network & Internet

WAN Insights is Cisco’s first foray into predictive network intelligence

16 Jun 2022
Cisco unveils new ‘intelligent’ approach to networking with brace of product launches
Network & Internet

Cisco unveils new ‘intelligent’ approach to networking with brace of product launches

16 Jun 2022
Deepfake attacks expected to be next major threat to businesses
phishing

Deepfake attacks expected to be next major threat to businesses

16 Jun 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022