Cisco Patches Vault7 Zero-Day Vulnerabilities in 318 Switch Models

- May 10, 2017

In March WikiLeaks published a batch of CIA 8,761 documents and files that also included a trove of hacking tools and zero-day exploits. Included with the zero-day flaws was a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code of the IOS and IOS XE software that manages Cisco switches.

The vulnerability allows unauthenticated, remote attackers to reboot devices and remotely execute code. CMP uses Telnet to deliver signals and commands on internal and hub networks. According to Cisco’s security advisory, the flaw stems from two factors: the failure to restrict the Telnet options to internal only communications, and the incorrect processing of malformed CMP-specific Telnet options.

By sending a malformed CMP command via Telnet while also establishing a Telnet session with an affected device that accepts Telnet connections, an attacker could execute arbitrary code on the device and obtain full control over it.

Cisco security officials have issued an Intrusion Prevention System (IPS) signature and Snort SIDs that will detect any attempts to exploit the vulnerability.

They have also issued a software update for licensed products that were affected.

See the posted advisory for more details on specific models that are vulnerable and how to update them.