
A cache of CIA documents was dropped on the net two weeks ago via WikiLeaks. It was a huge volume of information, some of which detailed CIA tools for breaking into smartphones and even smart TVs. Now, Cisco has said its examination of the documents points to a gaping security hole in more than 300 models of its switches. There's no patch for this critical vulnerability, but it's possible to mitigate the risk with some settings changes.

Cisco's security arm sent out an advisory on Friday alerting customers that the Cluster Management Protocol code in its IOS and IOS XE Software was vulnerable to attacks based on the leaked documents. The 318 affected switch models are mostly in the Catalyst series, but there are also some embedded systems and IE-series switches on the list. These are enterprise devices that cost a few thousand dollars at least. So, nothing in your house is affected by this particular attack.

The vulnerability is tied to the way Cisco's Cluster Management Protocol (CMP) uses Telnet for internal signaling. It is possible to accidentally leave the Telnet service open to outside commands. This is a somewhat common mistake, and that's what the CIA exploit is based upon. It works by feeding a malformed CMP-specific Telnet ping into the switch while establishing a new Telnet session. This can grant the remote user the ability to run arbitrary code on the switch, which is essentially the holy grail of exploits. The CIA could use this method to gain total control of the device, and thus all the traffic passing through it.

Cisco says there's currently no way to patch the switch firmware to prevent this attack. The issue lies in the way vulnerable devices process Telnet commands. Specifically, they process all of them, even if no "cluster management commands" are present in the device's configuration. There are two changes network administrators can make to prevent the attack from working. First, disable Telnet for incoming connections. If for some reason it's not viable for a business to disable Telnet, an access list can be used to strictly limit the devices that are allowed to send Telnet requests.
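The two mitigations above map onto the `transport input` and `access-class` settings of a switch's vty lines. The following is an added example, not code from the article or from Cisco: a small Python audit that parses a constructed IOS-style running-config, flags any vty line that still accepts Telnet, and notes whether an access list at least limits who can reach it. The two embedded configs (the weak one with Telnet open, the hardened one with SSH only plus an access-class) and the hostname and 192.0.2.0/24 management range are constructed samples; the treatment of a vty line with no explicit `transport input` as Telnet-capable is a conservative assumption, not a statement about any particular IOS release.

```python
"""Audit IOS-style vty line configuration for the two Telnet mitigations.

Added example (not Cisco's or the article's code). The configs below are
constructed samples, as is the 192.0.2.0/24 management address range.
"""
import re

# Constructed sample: Telnet accepted on all vty lines, no access list.
WEAK_CONFIG = """\
hostname CONSTRUCTED-SW1
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
 transport input all
!
end
"""

# Constructed sample: SSH only, and an access-class restricting source hosts.
HARDENED_CONFIG = """\
hostname CONSTRUCTED-SW1
!
access-list 10 remark management hosts only (constructed sample range)
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny   any log
!
line vty 0 4
 login local
 access-class 10 in
 transport input ssh
line vty 5 15
 login local
 access-class 10 in
 transport input ssh
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+) (\d+)")


def parse_vty_lines(config):
    """Return one dict per `line vty` block: its range, transports and access-class."""
    blocks = []
    current = None
    for raw in config.splitlines():
        # A non-indented line ends the current `line vty` block.
        if current is not None and not raw.startswith(" "):
            blocks.append(current)
            current = None
        m = VTY_RE.match(raw)
        if m:
            current = {
                "range": (int(m.group(1)), int(m.group(2))),
                "transport": None,      # None means no explicit `transport input`
                "access_class": None,   # ACL number/name applied with `access-class`
            }
            continue
        if current is None:
            continue
        words = raw.strip().split()
        if words[:2] == ["transport", "input"]:
            current["transport"] = words[2:]
        elif words[:1] == ["access-class"]:
            current["access_class"] = words[1]
    if current is not None:
        blocks.append(current)
    return blocks


def audit(config):
    """Return a finding string for each vty line that still accepts Telnet."""
    findings = []
    for block in parse_vty_lines(config):
        lo, hi = block["range"]
        label = f"line vty {lo} {hi}"
        transports = block["transport"]
        # Assumption: no explicit transport input is treated as Telnet-capable,
        # which is the conservative reading for an audit.
        telnet_allowed = transports is None or any(
            t in ("telnet", "all") for t in transports
        )
        if not telnet_allowed:
            continue
        if block["access_class"] is None:
            findings.append(f"{label}: accepts Telnet with no access-class")
        else:
            findings.append(
                f"{label}: accepts Telnet, limited by access-class "
                f"{block['access_class']} (prefer disabling Telnet)"
            )
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no Telnet exposure found']}")
```

Running the script against a real device means feeding it the output of `show running-config`; the hardened sample shows the shape both mitigations take, with `transport input ssh` as the primary fix and `access-class` as the fallback the article describes for sites that cannot turn Telnet off.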

The specific code used to gain access to the switches was not included in the documents dumped by WikiLeaks. The organization claimed it would disclose those to companies privately in order to get the holes patched. However, Motherboard reports that has yet to happen. Cisco says it will issue a patch at some point in the future, but no timeline is available.