Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Over 300 Cisco Switch Models Vulnerable to Compromise

March 22, 2017

There's good news and bad news concerning the "Vault 7" data dump from WikiLeaks. So far, the good news is that a large number of the identified vulnerabilities have already been fixed by the manufacturers, and updating your systems protects you from the revealed attacks. The bad news is that the WikiLeaks data caused Cisco to release a critical warning for over 300 of its Catalyst switches and network modules. Cisco revealed that the exploit could allow the CIA to take full control of the devices with a simple command.

The vulnerability resides in the Cisco Cluster Management Protocol (CMP), which uses the Telnet protocol to deliver signals and commands on the internal network. The Cisco advisory states: "An attacker could exploit this vulnerability by sending malformed CMP-specific telnet options while establishing a Telnet session with an affected Cisco device configured to accept telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device."

There is a complete listing of the impacted products in the advisory notice. There is no fix currently available. Cisco recommends disabling the Telnet protocol and using SSH for incoming connections. If you can't disable Telnet, Cisco recommends implementing infrastructure access control lists.
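One way to check saved switch configurations against that recommendation, as an added example that is not part of the original post or Cisco's advisory: the script below parses an IOS-style running-config and reports which vty lines still accept Telnet. The sample config and the status labels are constructed for illustration, and the script assumes the standard `line vty` / `transport input` syntax.

```python
import re

# Constructed sample of an IOS-style running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname sw-lab-01
!
line con 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_lines(config_text):
    """Return (vty_range, status) for every 'line vty' block in the config."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            # A non-indented line ends the previous block and may start a new one.
            m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
            current = {"range": m.group(1), "transport": None} if m else None
            if current:
                blocks.append(current)
        elif current is not None and words[:2] == ["transport", "input"]:
            current["transport"] = words[2:]

    results = []
    for b in blocks:
        if b["transport"] is None:
            # Assumption: with no explicit setting the platform default applies,
            # and that default differs between releases, so flag it for review.
            status = "default-verify"
        elif {"telnet", "all"} & set(b["transport"]):
            status = "telnet-enabled"
        else:
            status = "telnet-disabled"
        results.append((b["range"], status))
    return results

if __name__ == "__main__":
    for vty_range, status in audit_vty_lines(SAMPLE_CONFIG):
        print(f"line vty {vty_range}: {status}")
```

Any range reported as `telnet-enabled` or `default-verify` is a candidate for `transport input ssh`, or for an infrastructure ACL where Telnet has to stay.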

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
http://www.senseient.com