It looks like Cisco won't be chasing up a partnership with WikiLeaks: it's combing the "Vault7" documents itself, and has turned up an IOS / IOS XE bug in more than 300 of its switch models.
The vulnerability is in the Cisco Cluster Management Protocol (CMP) in IOS and IOS XE. The protocol passes around information about switch clusters using either Telnet or SSH.
The bug is in the default configuration of affected devices, even if the user doesn't have switch clusters configured, and can be exploited over either IPv4 or IPv6.
It's a two-fold bug: first, the protocol doesn't restrict CMP-specific Telnet to local communications, instead processing commands over "any Telnet connection to an affected device"; and second, malformed CMP-specific Telnet options are incorrectly processed.
[...] Cisco's advisory doesn't tell us if it's aware of exploits using the flaw. If they are discovered, this is very substantial news because The Reg expects there are tens of thousands, if not hundreds of thousands, of these devices installed around the world. And all look to have been at the CIA's mercy for an unknown period of time.
-- submitted from IRC
(Score: 2) by VLM on Wednesday March 22 2017, @11:45AM (1 child)
And all look to have been at the CIA's mercy
No reason to assume it was only open to the CIA.
My local police have this stick thing they can slide down a car window to unlock it when some moron locks their baby in the car, etc. That doesn't mean the only people on the planet who can unlock car doors is my local police LOL.
(Score: 0) by Anonymous Coward on Wednesday March 22 2017, @03:05PM
I don't think anyone managing such hardware really thinks just the CIA knows of it or uses it.
The reference is that it came from the wikileaks dump of CIA material. When people use a Slim Jim as you described, fat guys named Wheelz can use it, too.