Cisco this week said it patched a critical vulnerability in its widely deployed IOS software that was disclosed in the WikiLeaks dump of CIA exploits earlier this year.
Cisco had in March issued a “critical” security advisory for the IOS software that runs on some 300 models of its Catalyst switches and other networking equipment.
Cisco this week wrote: “A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.”
Cisco said the Cluster Management Protocol uses Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:
- The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device.
- The incorrect processing of malformed CMP-specific Telnet options.
In March Cisco said, “based on the ‘Vault 7’ public disclosure, it launched an investigation into the products that could potentially be impacted by these and similar exploits and vulnerabilities. As part of the internal investigation of our own products and the publicly available information, in terms of mitigations to consider, disabling the Telnet protocol as an allowed protocol for incoming connections would eliminate the exploit vector. Disabling Telnet and using SSH is recommended by Cisco. Information on how to do both can be found on the Cisco Guide to Harden Cisco IOS Devices. Customers unable or unwilling to disable the Telnet protocol can reduce the attack surface by implementing infrastructure access control lists (iACL).”
Cisco wrote that there are no workarounds that address this vulnerability but disabling the Telnet protocol and using SSH as an allowed protocol for incoming connections would eliminate the exploit vector. Information on how to do both can be found on the Cisco Guide to Harden Cisco IOS Devices.
Cisco said customers unable or unwilling to disable the Telnet protocol can reduce the attack surface by implementing iACLs. Information on iACLs can be found in the following document: Protecting Your Core: Infrastructure Protection Access Control Lists.
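
An added example, not from Cisco or the original article: a Python check that reads an IOS running-config and reports which vty lines still accept inbound Telnet, the exploit vector Cisco says to disable. The sample config is constructed, and treating a vty block with no `transport input` line as Telnet-enabled is an assumption (the default varies by IOS release); the `access-class` flag it reports is a per-line restriction, separate from the iACLs Cisco describes.

```python
import re

# Constructed sample running-config excerpt (not from any real device).
SAMPLE_CONFIG = """\
hostname sw-example
!
line con 0
line vty 0 4
 access-class 10 in
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_telnet(config_text):
    """Return (vty_range, telnet_allowed, has_access_class) per vty block."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        header = re.match(r"^line vty (\d+(?: \d+)?)$", line)
        if header:
            current = {"range": header.group(1), "transport": None, "acl": False}
            blocks.append(current)
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the vty block
        elif current is not None:
            words = line.split()
            if words[:2] == ["transport", "input"]:
                current["transport"] = set(words[2:])
            elif len(words) >= 3 and words[0] == "access-class" and words[2] == "in":
                current["acl"] = True
    results = []
    for b in blocks:
        # Assumption: no explicit "transport input" means Telnet may be accepted.
        telnet = b["transport"] is None or bool(b["transport"] & {"telnet", "all"})
        results.append((b["range"], telnet, b["acl"]))
    return results

if __name__ == "__main__":
    for vty, telnet, acl in audit_vty_telnet(SAMPLE_CONFIG):
        status = "TELNET ALLOWED" if telnet else "telnet disabled"
        print(f"line vty {vty}: {status}, access-class in: {acl}")
```
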