It took nearly two months, but the patch is here

May 9, 2017 21:19 GMT

Cisco has finally worked out how to kill the critical flaw that the CIA was using to exploit its switches. The company had previously announced that a patch was coming, and it has now delivered on that promise.

A few weeks ago, it was reported that the CIA was using a zero-day exploit which allowed attackers to issue commands that remotely executed malicious code. This issue affected 318 models of Cisco switches.

The revelation was made by WikiLeaks in its Vault 7 leak series, which details CIA documents on the agency's hacking techniques and tools.

The bug the CIA was exploiting resides in the Cisco Cluster Management Protocol, which uses the telnet protocol to deliver signals and commands on internal networks. The whole problem stems from the failure to restrict the telnet options to local communications and the incorrect processing of CMP-only telnet options.

"An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device," Cisco explains in its advisory.

Software update available now

If you've been wondering just how bad this vulnerability is, you should know that it got a score of 9.8 based on the Common Vulnerability Scoring System, where 10 is the maximum score. To say it's bad is an understatement.

Nonetheless, it is now fixed as the company released software updates that address this issue. While it may have taken Cisco some time to get things done, it wanted to make sure there were no workarounds to it. Once patched, the switches become secure.

As the company pointed out in the past, the vulnerability is only active when the affected devices are configured to accept incoming telnet connections. Owners of the affected switches could already lower the risk of exploits by changing this configuration.
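To check which devices still expose that configuration, the following added example (not from the article or from Cisco) audits a saved running-config for vty lines that accept Telnet. It assumes IOS-style `line vty` blocks with `transport input` settings; the function name and the sample config are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not taken from the article).
SAMPLE_CONFIG = """\
hostname sw-access-01
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_telnet(config_text):
    """Return (vty_range, verdict, transport) for each 'line vty' block."""
    findings = []
    current = None      # vty range being parsed, e.g. "0 4"
    transport = None    # protocols listed by 'transport input', if present

    def close_block():
        if current is None:
            return
        if transport is None:
            # Assumption: with no explicit setting the platform default applies,
            # and that default differs between releases, so flag it for review.
            verdict = "REVIEW"
        elif {"telnet", "all"} & set(transport):
            verdict = "TELNET_ENABLED"
        else:
            verdict = "OK"
        findings.append((current, verdict, " ".join(transport or [])))

    for line in config_text.splitlines():
        start = re.match(r"^line vty (\d+(?: \d+)?)\s*$", line)
        if start:
            close_block()
            current, transport = start.group(1), None
        elif current is not None and not line.startswith(" "):
            close_block()   # an unindented line ends the vty block
            current = None
        elif current is not None:
            setting = re.match(r"^\s+transport input (.+)$", line)
            if setting:
                transport = setting.group(1).split()
    close_block()
    return findings
```

Any block reported as `TELNET_ENABLED` or `REVIEW` is a candidate for restricting remote access to SSH until the software update is installed.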

You can check the affected models below.

Affected Models