Cisco Partners Swoop In To Remediate WikiLeaks Switch Vulnerability Affecting Hundreds Of Devices



Cisco Systems partners are already advising customers on how to mitigate a critical security vulnerability affecting more than 300 Cisco routers and switches, a flaw discovered after WikiLeaks published a set of CIA documents.

Future Tech, No. 167 on the 2016 CRN Solution Provider 500, is in the process of advising its top customers on how to remediate the vulnerability, which affects numerous Cisco switches, said Future Tech CEO Bob Venero.

"I have a call with one of our top customers in a few minutes and it will be the first topic of conversation," said Venero. "This is a vulnerability that puts some of the biggest corporations and government agencies at risk."


On March 17, Cisco disclosed that it had found hundreds of its devices to be vulnerable after WikiLeaks made public a set of CIA documents referred to as the "Vault 7 leak."

Cisco's Catalyst switching models were affected most, including many of the 2960, 3560 and 3750 series as well as Cisco's IE 2000 and 4000 Industrial Ethernet switching series.

There is currently no fix or workaround available; however, disabling Telnet as an allowed protocol for incoming connections would eliminate the vulnerability, said Omar Santos of Cisco's Product Security Incident Response Team (PSIRT) Security Research and Operations group in a blog post.

Cisco said it will release software updates that address the vulnerability, although the company did not specify when the software will be made available.

"Since none of the tools and malware referenced in the initial Vault 7 disclosure have been made available by WikiLeaks, the scope of action that can be taken by Cisco is limited," said Santos in the blog post. "An ongoing investigation and focused analysis of the areas of code that are alluded to in the disclosure is under way. … What we can do, have been doing, and will continue to do, is to actively analyze the documents that were already disclosed."

According to Cisco's security advisory, an attacker could exploit the vulnerability by sending malformed Cluster Management Protocol (CMP)-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the device, or cause the affected device to reload, Cisco said.
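Because the flaw is reached through the Telnet listener, the practical check for a defender is whether any vty line on a switch still accepts Telnet. The following is an added example, not code from CRN, Cisco or the blog post cited above: a small Python audit script that scans an IOS-style running-config (a constructed sample, embedded below) for vty lines whose `transport input` permits Telnet, and produces a hardened copy with SSH-only transport input. The `harden` function and the sample config are assumptions for illustration; a vty line with no explicit `transport input` inherits the platform default, so the script reports it as "default" for manual review rather than guessing.

```python
"""Audit a Cisco IOS-style running-config for vty lines that accept Telnet.

Constructed example for illustration; not Cisco tooling and not from the
article. Assumes text resembling "show running-config" output.
"""
import re

# Constructed sample: vty 0-4 accept any transport (Telnet included),
# vty 5-15 are already SSH-only.
SAMPLE_CONFIG = """\
hostname core-sw-1
!
line con 0
 logging synchronous
line vty 0 4
 transport input all
 login local
line vty 5 15
 transport input ssh
 login local
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")


def parse_vty_lines(config):
    """Return [{"range": "vty 0 4", "transport_input": [...] or None}, ...].

    transport_input is None when the block sets no explicit value, i.e. the
    line inherits the platform default and should be reviewed by hand.
    """
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = VTY_RE.match(line)
        if m:
            label = f"vty {m.group(1)}" + (f" {m.group(2)}" if m.group(2) else "")
            current = {"range": label, "transport_input": None}
            blocks.append(current)
            continue
        if line and not line.startswith(" "):
            current = None  # top-level command or "!" ends the vty block
            continue
        if current is not None and line.strip().startswith("transport input"):
            current["transport_input"] = line.strip()[len("transport input"):].split()
    return blocks


def accepts_telnet(transport_input):
    """True/False for an explicit keyword list; None when unset (platform default)."""
    if transport_input is None:
        return None
    keywords = {k.lower() for k in transport_input}
    if "none" in keywords:
        return False
    return "all" in keywords or "telnet" in keywords


def audit(config):
    """Map each vty range to 'telnet', 'no-telnet' or 'default'."""
    names = {True: "telnet", False: "no-telnet", None: "default"}
    return {b["range"]: names[accepts_telnet(b["transport_input"])]
            for b in parse_vty_lines(config)}


def harden(config):
    """Rewrite vty transport input to SSH-only; add it where missing.

    A line already set to 'transport input none' is left alone, since that
    disables every remote transport and is stricter than SSH-only.
    """
    out, in_vty, seen = [], False, False
    for raw in config.splitlines():
        line = raw.rstrip()
        if VTY_RE.match(line) or (line and not line.startswith(" ")):
            if in_vty and not seen:
                out.append(" transport input ssh")
            in_vty, seen = bool(VTY_RE.match(line)), False
            out.append(line)
            continue
        if in_vty and line.strip().startswith("transport input"):
            seen = True
            keywords = {k.lower() for k in line.split()[2:]}
            out.append(line if "none" in keywords else " transport input ssh")
            continue
        out.append(line)
    if in_vty and not seen:
        out.append(" transport input ssh")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for rng, verdict in audit(SAMPLE_CONFIG).items():
        print(f"{rng}: {verdict}")
    print("--- hardened ---")
    print(harden(SAMPLE_CONFIG))
```

Run against a directory of exported configs, any range reported as "telnet" is a device still exposed to the CMP Telnet option handling described above; "default" entries need a check of that platform's default transport before they can be signed off.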

The San Jose, Calif.-based company is a prime target for hackers because of its dominant share in the networking market, said partners.
