More than a month after details emerged of a critical remote code execution vulnerability in hundreds of models of Cisco switches, the company has released a patch to close the hole.
The vulnerability is one of the many bugs that was identified when the so-called Vault 7 documents were released in March. The documents are thought to be a dossier of attack techniques and tools used by CIA in offensive operations. Cisco engineers looking at the documents discovered details of what turned out to be a critical bug in its IOS operating system, the software that runs its switches and other hardware.
Specifically, the vulnerability is in the Cluster Management Protocol used in IOS and it involves an issue with the Telnet implementation. IOS doesn’t handle some Telnet options correctly, leading to the flaw.
“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” the Cisco advisory says.
The company released patches for the vulnerability on Monday and urged customers to install the fixed versions of the software. The vulnerability affects many models of Cisco’s Catalyst switches and also several of its Industrial Ethernet switches. Because the details of the vulnerability have been public since March, companies running a vulnerable version of the software should update as quickly as possible.
Cisco said there is no workaround for the vulnerability, but customers who haven’t updated can disable Telnet to eliminate the exploitation vector.