Cisco Confirms Switches Exploited by CIA via CMP Flaw; Fix Coming Soon

Share on Facebook Tweet Share Reddit Comment
Cisco Confirms Switches Exploited by CIA via CMP Flaw; Fix Coming Soon
  • The company claims that the vulnerability is in CMP processing code
  • An exploit can be avoided by disabling telnet
  • Cisco promises a fix soon

Last week, WikiLeaks claimed that the CIA had exploited various apps, platforms, and devices unethically to spy on people. One of the affected tech companies was Cisco, whose switches were hacked by CIA to remotely exercise control. The company has now confirmed that as many as 318 Cisco switches have a vulnerability that can allow the CIA to remotely execute malicious code and gain full control on the device.

The company issued an advisory on the matter, and claimed that currently there are "no workaround that address this vulnerability," but it's looking to roll out a fix soon. Cisco discovered the vulnerability in the Vault 7 dump by WikiLeaks.

The advisory claims that the vulnerability is in the "Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software, and it could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges."

It essentially stems from a "failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and the incorrect processing of malformed CMP-specific Telnet options."

Cisco hasn't announced when the fix is coming, but has mentioned a few things for users to do to avoid hackers from taking advantage. It recommends disabling Telnet and using SSH, and has also detailed guidelines for doing it on this support page. Users who are unable or unwilling to disable the Telnet protocol can reduce the attack surface by implementing infrastructure access control lists (iACLs). Guidelines on that can be found on this support page.

WikiLeaks recently announced that it will work with technology companies to give them technical details to work on fixes of CIA exploits. Other tech giants affected by the CIA hacking are Apple, Microsoft, Samsung, and more.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Tasneem Akolawala When not expelling tech wisdom, Tasneem feeds on good stories that strike on all those emotional chords. She loves road trips, a good laugh, and interesting people. She binges on movies, sitcoms, food, books, and DIY videos. More
SpaceX Studying Landing Spots on Mars With NASA
Google Sister Company Jigsaw Offers Free Security Tools to Election Groups




© Copyright Red Pixels Ventures Limited 2019. All rights reserved.