Cisco has disclosed a critical vulnerability that affects more than 300 models of its switches. The flaw can allow an unauthenticated, remote attacker to take over a device by sending a single malformed command. Cisco's researchers said they found the vulnerability while analysing the WikiLeaks CIA Vault 7 dump.
According to an advisory from Cisco, the zero-day vulnerability, present in at least 318 switch models, allows an attacker to execute code with elevated privileges and so remotely hijack the vulnerable device. An attacker triggers it by sending malformed CMP-specific Telnet options while establishing a Telnet session with a device that is configured to accept Telnet connections; no credentials are required, because the options are processed during session negotiation.
Cisco said the vulnerability lies in the Cluster Management Protocol (CMP) processing code in its IOS and IOS XE software, which runs on the routers and switches it sells. CMP uses Telnet internally for signalling between cluster members, and the defect is that the affected software accepts and processes CMP-specific Telnet options on any Telnet connection to the device, rather than only on local communications between cluster members.
Cisco said there are currently "no workarounds" for the flaw itself. However, disabling Telnet as an allowed protocol for incoming connections, and using SSH instead, would "eliminate the exploit vector"; in practice that means restricting the device's vty lines to SSH until a fixed software release is installed.
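As an added illustration of the mitigation above (this is example code, not from the article or from Cisco), the following script audits a saved `show running-config` and reports every `line vty` block that would still accept an inbound Telnet session, then emits the CLI lines that move it to SSH only. The configuration it parses is constructed for the example. It makes one labelled assumption: a vty block with no `transport input` statement is reported as exposed, because older IOS releases default to `transport input all`.

```python
"""Audit a Cisco IOS / IOS XE running-config for vty lines that still accept Telnet.

Added example, not from the article or Cisco: a small parser that walks the
`line vty ...` blocks of a saved `show running-config` and reports which of
them would still accept an inbound Telnet session (the exploit vector that
disabling Telnet removes). Assumption: a vty block with no `transport input`
statement is reported as exposed, because older IOS releases default to
`transport input all`.
"""
import re
from dataclasses import dataclass

# Constructed sample config: one vty range left on Telnet, one on "all",
# and one already restricted to SSH.
SAMPLE_CONFIG = """\
hostname edge-sw01
!
line con 0
 logging synchronous
line vty 0 4
 login local
 transport input telnet
line vty 5 9
 login local
 transport input all
line vty 10 15
 login local
 transport input ssh
!
end
"""


@dataclass
class VtyBlock:
    first: int
    last: int
    transport: list[str]  # protocols after "transport input"; [] if absent

    @property
    def accepts_telnet(self) -> bool:
        if not self.transport:
            return True  # assumption: legacy default is "transport input all"
        return "telnet" in self.transport or "all" in self.transport


LINE_VTY = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")
TRANSPORT = re.compile(r"^\s+transport input (.+?)\s*$")


def parse_vty_blocks(config: str) -> list[VtyBlock]:
    """Collect every `line vty` block and its `transport input` protocols."""
    blocks: list[VtyBlock] = []
    current = None
    for raw in config.splitlines():
        m = LINE_VTY.match(raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = VtyBlock(first, last, [])
            blocks.append(current)
            continue
        if current is None:
            continue
        if not raw.startswith(" "):  # any unindented line ends the block
            current = None
            continue
        t = TRANSPORT.match(raw)
        if t:
            current.transport = t.group(1).split()
    return blocks


def telnet_exposed_vty(config: str) -> list[str]:
    """Return 'vty N M' labels for every block that still accepts Telnet."""
    return [f"vty {b.first} {b.last}"
            for b in parse_vty_blocks(config) if b.accepts_telnet]


def remediation(config: str) -> list[str]:
    """IOS CLI lines that would switch each exposed block to SSH only."""
    cmds: list[str] = []
    for b in parse_vty_blocks(config):
        if b.accepts_telnet:
            cmds += [f"line vty {b.first} {b.last}", " transport input ssh"]
    return cmds


if __name__ == "__main__":
    for label in telnet_exposed_vty(SAMPLE_CONFIG):
        print("Telnet still enabled on", label)
    print("\n".join(remediation(SAMPLE_CONFIG)))
```

Run it against the output of `show running-config` saved from each device; a clean result is an empty list from `telnet_exposed_vty`. The remediation lines only close the exploit vector, they do not fix the CMP code, so the fixed software release is still required.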
Commenting on Cisco's disclosure, security firm FireMon CTO Paul Calatayud told IBTimes UK: "It is always a good thing when a security vendor takes a proactive approach in discovering and announcing that there is a new exploit. Cisco did the right thing here. Even better, there is a simple fix, which is to disable Telnet and use stronger protocols that are available and supported.
"This action would be part of any Cisco best practice anyway, so the question is: do you have technologies that can assist in managing configurations to properly inform you that you are using risky protocols? If the answer is no, then the window that attackers have to take advantage of the weak point could be a lot bigger than for those who do, making your organisation incredibly vulnerable to attack."
WikiLeaks Vault 7
Cisco's disclosure makes it the first major manufacturer to warn customers of vulnerabilities related to exploits detailed in the WikiLeaks Vault 7 publications. The whistleblowing site said it had made thousands of redactions before publishing the alleged CIA documents, in an effort to avoid accidentally releasing the exploits included in the files.
"Fortunately, WikiLeaks' Vault7 has permitted Cisco's security team to identify the vulnerability without releasing the exploit code. Cisco was the most proactive of the US manufacturers and its security team initiated contact with WikiLeaks last week," a WikiLeaks spokesperson said, ZDNet reported.