More than 300 Cisco routers vulnerable to security flaw revealed by WikiLeaks

21 Mar 2017


The vulnerability in Cisco switches allows the CIA to take remote control. There is no fix.

Cisco Systems has revealed that 300 models of its popular switches contain a critical vulnerability, revealed recently by WikiLeaks, that lets the CIA take control remotely.

“A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges,” Cisco said in a security update.

CMP, which acts as a signalling and command protocol between clustered switches, communicates over Telnet.

WikiLeaks data trove

The flaw can be found in at least 318 switches.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.

“Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability,” Cisco warned.
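The advisory quoted above ties exploitation to a device that is configured to accept Telnet connections, so the first thing an operator wants is an inventory of which VTY lines on each IOS device allow Telnet. The script below is an added example, not code from the article or from Cisco: it parses `show running-config` text and flags VTY line blocks whose `transport input` permits Telnet, or which set no `transport input` at all (where the platform default applies and has to be verified by hand). The sample configuration is constructed for the example.

```python
# Constructed sample of `show running-config` output; not a real device's config.
SAMPLE_CONFIG = """\
hostname sw-core-1
!
line con 0
 logging synchronous
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
line vty 16 31
 login local
!
end
"""


def parse_line_blocks(config):
    """Return {"line ...": [sub-commands]} for each `line` block in an IOS config.

    A block ends at the next top-level command (anything not indented), including '!'.
    """
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit_vty_telnet(config):
    """Map each VTY line block that may accept Telnet to a short reason string.

    Lines with an explicit `transport input` that excludes Telnet (e.g. `ssh` or
    `none`) are not reported.  Lines with no `transport input` are reported for
    manual review, because the default differs between IOS releases.
    """
    findings = {}
    for name, cmds in parse_line_blocks(config).items():
        if not name.startswith("line vty"):
            continue
        transport = [c for c in cmds if c.startswith("transport input")]
        if not transport:
            findings[name] = "no 'transport input' set; platform default applies, verify"
            continue
        allowed = set(transport[-1].split()[2:])   # keywords after "transport input"
        if allowed & {"telnet", "all"}:
            findings[name] = "accepts Telnet: " + transport[-1]
    return findings


if __name__ == "__main__":
    for line, reason in audit_vty_telnet(SAMPLE_CONFIG).items():
        print(f"{line}: {reason}")
```

Feed it the saved output of `show running-config` from each device; an empty result means every VTY line explicitly excludes Telnet.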

The vulnerability was discovered among the vast trove of data recently published by WikiLeaks, which revealed the extent of cyberweapons in the CIA’s armoury.

WikiLeaks published 8,761 classified documents dating from 2013, allegedly belonging to the CIA, describing malware, zero-day exploits and techniques for compromising iOS, Android, Windows, macOS and Linux devices.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
