Candlelites

Cisco Finds Critical Vulnerability in WikiLeaks Docs


Cisco learned of a vulnerability in its software from the CIA documents published by WikiLeaks on March 7. But the security flaw wasn't included in the problems highlighted by WikiLeaks; Cisco's security team discovered the problem themselves while digging through the "Vault 7" document trove.

The company said in a security advisory that the vulnerability could "allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges." The problem was in the Cisco Cluster Management Protocol (CMP) processing code used by the Cisco IOS and Cisco IOS XE software. Cisco provided a list of 318 products affected by the vulnerability; you can find the full list in the company's advisory.

The vulnerability resulted from two problems:

The failure to restrict the use of CMP-specific Telnet options to only internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and

The incorrect processing of malformed CMP-specific Telnet options.

Cisco said it plans to address the vulnerability in future software updates and that no workarounds can mitigate the problem in the meantime. But it did advise customers to switch from the Telnet protocol to SSH because "disabling the Telnet protocol as an allowed protocol for incoming connections would eliminate the exploit vector." Anyone who can't do that can still "reduce the attack surface by imple...
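
An added example, not part of the article or of Cisco's advisory: a small audit for the recommendation above to stop accepting Telnet, which reads an IOS-style running-config and reports which "line vty" blocks still allow it. The sample config and the function name audit_vty_transport are constructed for illustration; a block with no "transport input" line is reported as unspecified because the default depends on the software release.

```python
import re

# Constructed sample running-config fragment (not taken from any real device).
SAMPLE_CONFIG = """\
hostname lab-switch
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_transport(config_text):
    """Return {vty range: verdict} for every 'line vty' block in the config."""
    results = {}
    current = None
    for raw in config_text.splitlines():
        header = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if header:
            current = "vty " + " ".join(g for g in header.groups() if g)
            # No explicit setting seen yet: the default differs by release,
            # so flag it for manual review instead of guessing.
            results[current] = "unspecified"
            continue
        if not raw.startswith(" "):
            current = None  # any unindented line closes the vty block
            continue
        if current is None:
            continue
        setting = re.match(r"^\s+transport input (.+?)\s*$", raw)
        if setting:
            protocols = set(setting.group(1).split())
            if protocols & {"telnet", "all"}:
                results[current] = "telnet-allowed"
            elif protocols == {"none"}:
                results[current] = "no-inbound"
            else:
                results[current] = "telnet-blocked"
    return results

if __name__ == "__main__":
    for line, verdict in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"{line}: {verdict}")
```

Blocks reported as telnet-allowed or unspecified are the ones to review against the advisory's guidance.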