Cisco warning over Telnet zero-day uncovered in Wikileaks' Vault7 disclosures affecting 300 switches
Turn off Telnet until a patch is issued, urges Cisco
Cisco has warned users of more than 300 of its enterprise switch devices of a critical zero-day vulnerability, uncovered following an analysis of the Wikileaks' Vault7 cache of documents disclosed two weeks ago.
The vulnerability in the Cluster Management Protocol in Cisco IOS, the operating system that runs the devices, gets round security measures that should enable users to restrict the use of Telnet.
"The Cluster Management Protocol [CMP] utilises Telnet internally as a signaling and command protocol between cluster members," according to an advisory rushed out by Cisco on Friday night.
"This vulnerability was found during the analysis of documents related to the Vault 7 disclosure," it adds. The vulnerability is due to the combination of two factors:
The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and,
The incorrect processing of malformed CMP-specific Telnet options.
It continues: "An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device."
However, a patch for the vulnerability is not available yet, and users have therefore been advised to completely disable Telnet, regardless of the inconvenience this may cause IT departments. Users should use SSH instead, advises Cisco.
In total the vulnerability affects 264 Catalyst switches, 51 Ethernet switches and three other devices.
While it is feared that the CIA has exploited the flaw, there is currently no known exploit being used in the wild, but that could quickly change. The IOS Software Checker tool will be updated once fixed software becomes available, advises Cisco.