Cisco Confirms Switches Exploited by CIA via CMP Flaw; Fix Coming Soon

Last week, WikiLeaks claimed that the CIA had exploited various apps, platforms, and devices unethically to spy on people. One of the affected tech companies was Cisco, whose switches were hacked by CIA to remotely exercise control. The company has now confirmed that as many as 318 Cisco switches have a vulnerability that can allow the CIA to remotely execute malicious code and gain full control on the device.

The company issued an advisory on the matter, and claimed that currently there are "no workaround that address this vulnerability," but it's looking to roll out a fix soon. Cisco discovered the vulnerability in the Vault 7 dump by WikiLeaks.

The advisory claims that the vulnerability is in the "Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software, and it could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges."

It essentially stems from a "failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and the incorrect processing of malformed CMP-specific Telnet options."

Cisco hasn't announced when the fix is coming, but has mentioned a few things for users to do to avoid hackers from taking advantage. It recommends disabling Telnet and using SSH, and has also detailed guidelines for doing it on this support page. Users who are unable or unwilling to disable the Telnet protocol can reduce the attack surface by implementing infrastructure access control lists (iACLs). Guidelines on that can be found on this support page.

WikiLeaks recently announced that it will work with technology companies to give them technical details to work on fixes of CIA exploits. Other tech giants affected by the CIA hacking are Apple, Microsoft, Samsung, and more.