The security flaw was discovered by Cisco security researchers in WikiLeaks. Seven files made available by WikiLeaks in mid-march, these files represent exploits used by the CIA to hack mobile devices, desktop systems, networking equipment and IoT devices.The vulnerability can allow an attacker to remotely gain access and take over an affected device.
The vulnerability (CVE-2017-3881) details:
The flaw affects the cluster management protocol (CMP) processing code used by Cisco’s IOS and IOS XE software. An unauthenticated attacker/hacker can exploit the vulnerability remotely to cause devices to reload or for arbitrary code execution with elevated privileges.
Cisco said:
“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections,”
The vulnerability happened because of the following:
– The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
– The incorrect processing of malformed CMP-specific Telnet options.
Vulnerable Products:
The list is too long (more than 300), but the major affected products are Cisco Catalyst, Embedded Service, and Industrial Ethernet switches.
Cisco marks the issue as 9.8 and has categorised it a critical risk, admins should install the provided patch as soon as possible.