Cisco issued a critical advisory on a number of security updates to address vulnerabilities in more than 300 of its switch models, some of which were detailed in Vault7, a recent dump from WikiLeaks on the secret Center for Cyber Intelligence, a clandestine hacking group within the CIA that develops, builds and tests exploits and malware employed by the agency for covert ops.
Exploitation of any of these flaws could enable an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges, the report stated.
Users and administrators are advised to apply the necessary updates.
- IPv6 Denial of Service Vulnerability
- Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
A bug in the Cluster Management Protocol (CMP) code of Cisco's IOS and IOS XE software may impact 300 switches offered by the company, all of which could potentially be exploited by a malformed protocol-specific Telnet command, allowing a remote attacker to execute arbitrary code and gain full control of a device or initiate a reload of the device.
“The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and the incorrect processing of malformed CMP-specific Telnet options,” Cisco explained in the advisory.
There are currently no workarounds for the flaw, Cisco explained. Instead, the company suggested that affected users disable Telnet for incoming connections. Patches will be forthcoming once fixed software becomes available, the company said, although no date was scheduled.
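To check where that mitigation still needs to be applied, the sketch below flags VTY lines in a saved IOS running-config that accept inbound Telnet. It is an added example, not Cisco's tooling or part of the advisory; the sample config is constructed, the function name is hypothetical, and it assumes a VTY block with no explicit `transport input` line should be reported because the platform default varies by release.

```python
import re

# Constructed sample of an IOS running-config; not taken from any real device.
SAMPLE_CONFIG = """\
hostname sw-access-01
!
line con 0
 login local
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def vty_telnet_exposure(config_text, assume_default_allows_telnet=True):
    """Return {vty_range: reason} for every VTY block that accepts inbound Telnet."""
    findings = {}
    current, transport = None, None
    # Assumption: a block without 'transport input' is reported unless the flag is False.
    def close_block():
        if current is None:
            return
        if transport is None:
            if assume_default_allows_telnet:
                findings[current] = "no 'transport input' line (platform default applies)"
        elif {"telnet", "all"} & set(transport):
            findings[current] = "transport input " + " ".join(transport)

    for line in config_text.splitlines():
        header = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", line)
        if header:
            close_block()                      # finish the previous VTY block, if any
            current = "-".join(g for g in header.groups() if g)
            transport = None
        elif line and not line.startswith(" "):
            close_block()                      # any unindented line ends the VTY block
            current = None
        elif current is not None:
            m = re.match(r"^\s+transport input (.+)$", line)
            if m:
                transport = m.group(1).split()
    close_block()
    return findings
```

Any range the function returns is a candidate for `transport input ssh` until fixed software is installed.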
WikiLeaks said the vulnerability, kept under wraps by the CIA, left "vast swathes of internet infrastructure vulnerable to cyber attacks." However, no exploit code was released.