Cisco Systems has updated its IOS and IOS XE software to fix a severe vulnerability that affects more than three hundred of its switch models. It took the company approximately two months to resolve the issue after it was exposed by the CIA Vault 7 leaks.
The Vault 7 leaks, consisting of thousands of important documents, claim to include the confidential hacking techniques of the U.S. Central Intelligence Agency. Cisco found the vulnerability in its devices while going through the Vault 7 documents leaked by WikiLeaks.
After learning of the issue, the company disclosed it and warned users on 10th April. Despite providing a temporary solution and releasing a proof-of-concept (PoC) exploit, the company only resolved the issue this week, nearly two months after its discovery.
The problem was found in the Cluster Management Protocol (CMP) of IOS and IOS XE software. CMP uses Telnet or SSH to carry signals and commands between internal networks.
The company's experts said the vulnerability can be exploited by sending malformed or specially crafted CMP-specific Telnet options while establishing a Telnet session with an affected device that is configured to accept Telnet connections. Once the connection is established, an unauthenticated remote attacker can take complete control of the device and execute arbitrary code. Until now the only workaround was to disable Telnet and use SSH instead, but the experts strongly recommend installing the patch now that the issue has been resolved.
The vulnerability affects the default configuration of the affected devices: 264 Catalyst switches, 51 Industrial Ethernet switches, and 3 other IOS-supported devices are vulnerable if they are configured to accept Telnet connections.
The affected switch models are Catalyst switches, Embedded Service 2020 switches, IE Industrial Ethernet switches, the ME 4924-10GE switch, the Enhanced Layer 2/3 EtherSwitch Service Module, the Enhanced Layer 2 EtherSwitch Service Module, the RF Gateway 10, the SM-X Layer 2/3 EtherSwitch Service Module, and the Gigabit Ethernet Switch Module for HP.
This was a high-risk issue, rated 9.8 under the Common Vulnerability Scoring System.