Cisco Says CIA Can Exploit 318 of Its Switches, Promises Fix
Monday, 20 March 2017
Bad news coming from Cisco Systems. The company admitted that 318 models of switches it sells come with a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code with the purpose of taking full control of the devices. If this wasn't bad enough, the company says there's no fix for the problem. The discovery was made after the company analyzed a set of documents published by WikiLeaks two weeks ago in its massive Vault 7 reveal. The files are believed to come from the CIA, but there are concerns regarding the source of the leak. The flaw, it seems, can be found in 318 switches, residing in the Cisco Cluster Management Protocol (CMP). Remote attackers, such as the CIA, can execute code that runs with elevated privileges. The CMP uses the telnet protocol to deliver signals and commands on Internet networks. "An attacker could exploit this vulnerability by sending malformed CMP-specific telnet options while establishing ...
You Might Like
Other recent news in Technology