Cisco Confirms Switches Exploited by CIA via CMP Flaw; Fix Coming Soon

Advertisement
By Tasneem Akolawala | Updated: 5 April 2017 17:10 IST
Highlights
  • The company claims that the vulnerability is in CMP processing code
  • An exploit can be avoided by disabling telnet
  • Cisco promises a fix soon

Last week, WikiLeaks claimed that the CIA had exploited various apps, platforms, and devices unethically to spy on people. One of the affected tech companies was Cisco, whose switches were hacked by CIA to remotely exercise control. The company has now confirmed that as many as 318 Cisco switches have a vulnerability that can allow the CIA to remotely execute malicious code and gain full control on the device.

The company issued an advisory on the matter, and claimed that currently there are "no workaround that address this vulnerability," but it's looking to roll out a fix soon. Cisco discovered the vulnerability in the Vault 7 dump by WikiLeaks.

Advertisement

The advisory claims that the vulnerability is in the "Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software, and it could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges."

It essentially stems from a "failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and the incorrect processing of malformed CMP-specific Telnet options."

Cisco hasn't announced when the fix is coming, but has mentioned a few things for users to do to avoid hackers from taking advantage. It recommends disabling Telnet and using SSH, and has also detailed guidelines for doing it on this support page. Users who are unable or unwilling to disable the Telnet protocol can reduce the attack surface by implementing infrastructure access control lists (iACLs). Guidelines on that can be found on this support page.

WikiLeaks recently announced that it will work with technology companies to give them technical details to work on fixes of CIA exploits. Other tech giants affected by the CIA hacking are Apple, Microsoft, Samsung, and more.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Nokia 235 4G (2026), 215 4G (2026) Launched; Nokia 210 4G, 200 4G Tag Along
  2. Vivo X500 Camera Details Surface Online After X500 Pro Max Leaks
  3. Amazon Prime Day Mobile Offers 2026: Best Deals on OnePlus, Nothing and More
  4. Asus Vivobook 15 (2026) Launched in India Ahead of Amazon, Flipkart Sale Events
  5. Amazon Prime Day 2026 Sale Is Live: Best Tech Deals
  6. Flipkart GOAT Sale: Top Early Deals on Smartphones, Tablets and More
  7. Huion's 2026 India Lineup Defines Next-Gen Creativity
  8. Amazon Prime Day 2026: Best Deals on Smartphones Under Rs. 30,000
  1. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  2. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  3. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  4. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  5. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  6. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  7. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  8. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  9. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
  10. Redmi 17 5G NCC, SIRIM Certification Listings Reportedly Reveal Battery and Charging Details
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.