Cisco finds switch ‘vulnerability’ in Wikileaks’ Vault 7 disclosure


Cisco Systems warned that hundreds of models of its switches, mainly sold to enterprise users, can be remotely hacked, potentially allowing malicious users to “cause a reload of an affected device or remotely execute code with elevated privileges.”

Cisco said it found the vulnerability “during the analysis of documents related to the Vault 7 disclosure.” Released earlier this month by Wikileaks, Vault 7 has been described as software tools used by the CIA to spy on people through phones, TVs and other gadgets. Federal officials are investigating the leak, which included roughly 8,000 documents.

As Threatpost noted, the Cisco vulnerability affects more than 300 Cisco products including its Cisco Catalyst Blade Switch hardware used in Dell, IBM and HP Enterprise equipment.


Cisco noted the vulnerability lies in the Cisco Cluster Management Protocol (CMP) processing code in its Cisco IOS and Cisco IOS XE software. CMP uses the Telnet protocol internally as a signaling and command protocol between cluster members.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” Cisco wrote on its security advisory site. “Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.”
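Because the advisory ties exposure to devices "configured to accept Telnet connections," a first triage step is to inventory which vty lines still admit Telnet. The following is an added example, not Cisco's tooling or part of the original article; the function name, the sample configuration, and the choice to treat an unset `transport input` as Telnet-capable are assumptions.

```python
import re

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
line con 0
 logging synchronous
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 31
 login local
!
"""

TELNET_TOKENS = {"telnet", "all"}  # 'transport input' values that admit Telnet

def telnet_vty_lines(config, unset_means_telnet=True):
    """Return [(vty_range, reason)] for vty blocks that accept inbound Telnet."""
    findings = []
    current = None    # vty range being parsed, e.g. "0 4"
    transport = None  # protocols on its 'transport input' line, if present

    def close_block():
        if current is None:
            return
        if transport is None:
            # Assumption: an unset transport is treated as Telnet-capable.
            if unset_means_telnet:
                findings.append((current, "transport input not set"))
        elif TELNET_TOKENS & set(transport):
            findings.append((current, "transport input " + " ".join(transport)))

    for raw in config.splitlines():
        if not raw.startswith(" "):  # top-level line ends any open block
            close_block()
            m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
            current, transport = (m.group(1) if m else None), None
        elif current is not None:
            t = re.match(r"\s+transport input (.+?)\s*$", raw)
            if t:
                transport = t.group(1).split()
    close_block()
    return findings

if __name__ == "__main__":
    for vty, reason in telnet_vty_lines(SAMPLE_CONFIG):
        print(f"line vty {vty}: accepts Telnet ({reason})")
```

Pass `unset_means_telnet=False` when the software release in use is known not to enable Telnet on vty lines by default.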

In a separate post, Cisco noted that Wikileaks hasn’t yet released any of the actual tools or exploits associated with Vault 7, thus allowing those who are affected a chance to plug vulnerabilities.

Nonetheless, the threat remains.

“Since cyberattackers can easily scan the internet for exposed Cisco servers using open source tools, we could see (adversaries) exploiting this newly discovered vulnerability either to create massive DDoS botnets or to snoop on traffic after gaining full control of the router,” Phil Neray, VP of industrial cybersecurity at CyberX, told Threatpost.

The news from Cisco, while by itself relatively minor in the wider topic of cybersecurity, still stands as another example of the kinds of threats that telco vendors and operators face. Indeed, the SVP of cyber engineering and technology services with CenturyLink, Bill Bradley, recently told FierceTelecom that tackling cybersecurity threats will require collaboration across multiple domains, including service providers as well as vendors and government agencies.

“I think you have to think about cybersecurity as a continuous process that would be analogous to accounting,” Bradley said. “You have accounting efforts underway every day, and you have oversight, and that’s the ongoing process we have to apply to cybersecurity in order to protect a company.”
