Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files

The flaw was found by Cisco's own security researchers, despite WikiLeaks' claim that the CIA hacking-unit disclosures did not contain working exploit code.
Written by Zack Whittaker, Contributor


Cisco is warning that software used in hundreds of its products is vulnerable to a "critical"-rated security flaw, which can be exploited remotely with a single malformed command.

The vulnerability can allow a remote attacker to gain access to, and take over, an affected device.

More than 300 switches are affected by the vulnerability, Cisco said in an advisory.

According to the advisory, the bug is in the Cluster Management Protocol (CMP) code in Cisco's IOS and IOS XE software, the operating systems the company ships on the routers and switches it sells.

An attacker can exploit the vulnerability by sending a malformed, protocol-specific Telnet command while establishing a Telnet session with the affected device: the CMP code accepts these protocol-specific Telnet options on any incoming Telnet connection and fails to process malformed ones correctly.

Cisco said that there are "no workarounds" for the vulnerability itself, but that disabling Telnet as an inbound connection protocol would "eliminate" the attack vector. For practitioners that is the actionable part of the advisory: turn off Telnet on the management lines and administer the devices over SSH until the fixed software is available.
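The Telnet angle in the two paragraphs above is what a detection engineer can act on without the exploit itself: the advisory describes malformed, protocol-specific Telnet options arriving while a session is being set up. Below is an added example, not code from the article, from Cisco or from WikiLeaks, of a small Telnet option-negotiation parser with audit rules that flag framing errors, subnegotiations for options a normal management client never uses, subnegotiations sent before the option was ever agreed, and oversized subnegotiation bodies. The option allowlist, the 64-byte threshold, the constructed sample streams and the placeholder option number 0x55 are all assumptions of the example; the real CMP option number and payload are not given on this page and are not reproduced here.

```python
IAC, SE, SB, WILL, WONT, DO, DONT = 0xFF, 0xF0, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE
OPTION_COMMANDS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}

# Options an ordinary interactive client negotiates with a device's VTY line.
# Site-specific allowlist: an assumption of this example, not a vendor list.
EXPECTED_OPTIONS = {
    0x00: "BINARY", 0x01: "ECHO", 0x03: "SUPPRESS-GO-AHEAD", 0x18: "TERMINAL-TYPE",
    0x1F: "NAWS", 0x20: "TERMINAL-SPEED", 0x21: "REMOTE-FLOW-CONTROL",
    0x22: "LINEMODE", 0x27: "NEW-ENVIRON",
}
MAX_SB_LEN = 64  # real subnegotiation bodies are a few bytes (assumed threshold)

def parse_telnet(stream: bytes) -> list:
    """Split a raw client->server stream into ("DATA", bytes), ("CMD", byte), ("WILL"|"WONT"|
    "DO"|"DONT", opt), ("SB", opt, payload) and ("MALFORMED", reason); stops at the first framing error."""
    events, data, i = [], bytearray(), 0
    while i < len(stream):
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if data:
            events.append(("DATA", bytes(data)))
            data = bytearray()
        if i + 1 >= len(stream):
            events.append(("MALFORMED", "dangling IAC at end of stream"))
            return events
        cmd = stream[i + 1]
        if cmd == IAC:                              # IAC IAC is an escaped 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in OPTION_COMMANDS or cmd == SB:   # these carry an option byte
            if i + 2 >= len(stream):
                events.append(("MALFORMED", f"truncated command 0x{cmd:02x}"))
                return events
            opt = stream[i + 2]
            if cmd != SB:
                events.append((OPTION_COMMANDS[cmd], opt))
                i += 3
                continue
            payload, j, terminated = bytearray(), i + 3, False
            while j < len(stream) and not terminated:
                nxt = stream[j + 1] if j + 1 < len(stream) else None
                if stream[j] != IAC:
                    payload.append(stream[j])
                    j += 1
                elif nxt == IAC:                    # escaped 0xFF inside the body
                    payload.append(IAC)
                    j += 2
                elif nxt == SE:                     # proper IAC SE terminator
                    terminated, j = True, j + 2
                else:                               # IAC <other> inside SB: bad framing
                    break
            if not terminated:
                events.append(("MALFORMED", f"unterminated SB for option 0x{opt:02x}"))
                return events
            events.append(("SB", opt, bytes(payload)))
            i = j
        else:                                       # NOP, AYT, GA, ...: no option byte
            events.append(("CMD", cmd))
            i += 2
    if data:
        events.append(("DATA", bytes(data)))
    return events

def audit_negotiation(stream: bytes) -> list:
    """Return findings for one client->server stream; an empty list means clean."""
    findings, negotiated = [], set()
    for ev in parse_telnet(stream):
        kind = ev[0]
        if kind == "MALFORMED":
            findings.append(f"malformed framing: {ev[1]}")
        elif kind in OPTION_COMMANDS.values():
            if kind in ("WILL", "DO"):
                negotiated.add(ev[1])
            if ev[1] not in EXPECTED_OPTIONS:
                findings.append(f"{kind} for unexpected option 0x{ev[1]:02x}")
        elif kind == "SB":
            opt, payload = ev[1], ev[2]
            if opt not in EXPECTED_OPTIONS:
                findings.append(f"SB for unexpected option 0x{opt:02x} ({len(payload)} bytes)")
            if opt not in negotiated:   # RFC 855: subnegotiate only after the option is agreed
                findings.append(f"SB for option 0x{opt:02x} with no prior WILL/DO")
            if len(payload) > MAX_SB_LEN:
                findings.append(f"oversized SB payload for option 0x{opt:02x}: {len(payload)} bytes")
    return findings

# Constructed sample streams, not captures of real traffic.
BENIGN_SESSION = bytes([IAC, WILL, 0x18, IAC, DO, 0x01, IAC, WILL, 0x1F,
                        IAC, SB, 0x1F, 0x00, 0x50, 0x00, 0x18, IAC, SE]) + b"admin\r\n"
# Placeholder option 0x55 (not the real CMP option), never negotiated, large binary body.
SUSPECT_SESSION = bytes([IAC, WILL, 0x18, IAC, SB, 0x55]) + b"\x01" + b"A" * 79 + bytes([IAC, SE])
TRUNCATED_SESSION = bytes([IAC, WILL, 0x18, IAC, SB, 0x18, 0x00]) + b"xterm"  # SB never reaches IAC SE

if __name__ == "__main__":
    for name in ("BENIGN_SESSION", "SUSPECT_SESSION", "TRUNCATED_SESSION"):
        print(name, audit_negotiation(globals()[name]) or "clean")
```

Fed a client-to-server byte stream reassembled from a capture, the benign sample produces no findings, the suspect sample three (unexpected option, no prior negotiation, oversized body) and the truncated sample one framing error. The rules deliberately do not depend on knowing the real option number, so they also catch other oddities in early session setup; tune the allowlist to what your management hosts actually send. On the device side the change that removes the vector entirely is the one the article points at: stop accepting Telnet on the VTY lines (`transport input ssh` under `line vty` on IOS) and manage over SSH.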

The security flaw was discovered by the company's own security researchers in WikiLeaks' most recent disclosure of classified information, released last week. It is not known which documents specifically Cisco was referring to. The company said a software update will fix the issue, but it did not say when the update will be released.

The data dump, dubbed Vault7, relates to the CIA's clandestine cyber-offensive unit, the Center for Cyber Intelligence, an elite hacking unit within the US intelligence agency that develops, builds, and tests backdoors, exploits, malicious payloads, and other malware used in the agency's covert operations worldwide.

The whistleblowing site said it had carried out thousands of redactions to prevent the "accidental" release of exploit code found in the files, but it came under fire for missing some sensitive information, including names, email addresses, and external IP addresses of targets.

WikiLeaks previously came under fire for inadvertently releasing malware as part of its disclosures. Last year, the organization hosted hundreds of malware files in an email dump from the communications of the Turkish AKP party, founded by President Recep Erdoğan.

Cisco too was stung by a separate release of classified hacking tools, said to have been developed by the National Security Agency, which left the company scrambling for a fix.

Motherboard reported that WikiLeaks has yet to provide details of the security flaws to the companies in question.

In a brief statement, WikiLeaks said the vulnerability, kept secret by the CIA, left "vast swathes of internet infrastructure vulnerable to cyber attacks," which it called "a clear violation of the Obama administration's 2014 commitment to not hoard pervasive vulnerabilities."

"Fortunately, WikiLeaks' Vault7 has permitted Cisco's security team to identify the vulnerability without releasing the exploit code. Cisco was the most proactive of the US manufacturers and its security team initiated contact with WikiLeaks last week," said the spokesperson.
