Cisco Patches WikiLeaks Security Vulnerability Affecting Hundreds Of Devices

Cisco has patched a critical flaw in its IOS software, discovered after WikiLeaks exposed CIA documents, that affected more than 300 models of routers and switches.

"We've spoken to a few customers about it, a few enterprise clients, and thankfully it didn't disrupt any business for us," said one top executive from a solution provider and Cisco Gold partner who did not wish to be named. "I'm glad to know they fixed the issue. … Their devices will always be a big target for attackers because Cisco is everywhere."

Cisco disclosed March 17 that it had discovered hundreds of Cisco devices were vulnerable after WikiLeaks made public a set of CIA documents referred to as the "Vault 7 leak." The security flaw stemmed from the IOS software that runs on hundreds of switches and could allow attackers to remotely execute malicious code and take control of the affected device.

Cisco's Catalyst switching models were affected most, including many of the 2960, 3560 and 3750 series as well as Cisco's IE 2000 and 4000 Industrial Ethernet switching series.

"It put some of our Catalyst customers at risk," said the Cisco Gold partner executive. "Anytime they hear about a security vulnerability, it gets their attention and we get a call."

"We've had to address a few security [vulnerabilities] regarding IOS over the years, but Cisco has been pretty quick with letting us know about them and what we should do," the partner said.

When partners were made aware of the security flaws in March, Cisco did not have any fixes or workarounds available. However, the San Jose, Calif.-based networking giant said disabling the Telnet protocol as an allowed protocol for incoming connections would eliminate the vulnerability.

Cisco said an attacker could exploit the vulnerability by sending malformed Cluster Management Protocol (CMP)-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.

Cisco Monday said it had released software updates that address the vulnerability, urging customers to install the fixed versions of the IOS.

Cisco's security business is the vendor's fastest-growing market segment.

For its most recent second fiscal quarter, the company reported 14 percent growth in security year over year to $528 million. It was Cisco's fifth consecutive quarter of double-digit growth in security.