Cisco Partners Swoop In To Remediate WikiLeaks Switch Vulnerability Affecting Hundreds Of Devices


Printer-friendly version Email this CRN article

"Cisco is a main target for hackers because they basically own most of the network – it's really that simple," said one top executive from a solution provider and longtime Cisco partner, who did not wish to be named. "This is a big fire to put out – 300 products -- but they seem to be handling it well enough right now."

The executive said his company will be contacting customers who have affected products but does not believe it will be a issue that will drain resources.

"This is why [channel] partners are here to help when problems sprout out from nowhere, especially security problems like this," said the executive. "It's a lot of switches here. We'll handle it on a case-by-case basis. … Security is a huge priority."

Cisco's security business is the vendor's fastest-growing market segment.

For its most recent second fiscal quarter, the company reported 14 percent growth in security year over year to $528 million. It was Cisco's fifth consecutive quarter of double-digit growth in security.

Cisco security researchers found the vulnerability in its CMP code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

The CMP uses Telnet internally as a signaling and command protocol between cluster members, according to a critical warning advisory Cisco published March 17. Customers who are unable or unwilling to disable the Telnet protocol can reduce the attack by implementing infrastructure access control lists (iACLs), according to Santos.

A top executive for one of Cisco's largest enterprise partners applauded the company for its quick response to the breach highlighted by WikiLeaks.

"Cisco is all over this," said the executive, who declined to be named. "They have a threat intelligence group called Talos that is second to none. Talos is solving problems like this every day."

Printer-friendly version Email this CRN article