CVE-2017-3881: How to Mitigate CIA Vault 7 Exploits on Your Cisco Switches
Two weeks ago WikiLeaks released Vault 7, a large collection of documents that they claim were taken from the CIA. While the CIA has not confirmed this release, there's little question that the leaked information comes from a nation-state-level intelligence service and contains extensive details regarding exploits and tradecraft targeting a wide variety of service providers, vendors, and equipment. WikiLeaks has thus far attempted to redact detailed exploit information and has announced their intention to work with the impacted parties to address these vulnerabilities.
Cisco appears to have been reviewing the documents, and CVE-2017-3881, the Cluster Management Protocol Remote Code Execution Vulnerability, is their first major report referencing the Vault 7 release. This vulnerability allows an unauthenticated attacker with access to a listening Telnet port on one of the impacted devices to execute commands on the device or reload it. While the advisory indicates that IOS XE is affected, the vast majority of affected devices appear to be switches running IOS.
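Because the flaw is only reachable through a listening Telnet port, a first triage step is to find which vty lines in a saved configuration still accept Telnet. The following is an added example, not code from this article or from Cisco: the function names and sample configuration are constructed, and it assumes IOS `line vty` / `transport input` syntax and that a vty block with no explicit `transport input` accepts all protocols (adjust `default_input` for your release).

```python
import re

# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""

def vty_transport_settings(config, default_input="all"):
    """Return (vty header, transport input setting) pairs in config order.

    default_input is an ASSUMPTION used when a vty block has no explicit
    'transport input' line; confirm the real default for your software release.
    """
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line "):
            # A new 'line' stanza starts; only vty stanzas are tracked.
            current = [raw.strip(), default_input] if raw.startswith("line vty") else None
            if current:
                blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            m = re.match(r"\s+transport input (.+)", raw)
            if m:
                current[1] = m.group(1).strip()
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return [tuple(b) for b in blocks]

def telnet_exposed(config, default_input="all"):
    """Return the vty blocks whose transport input permits Telnet."""
    return [(hdr, setting)
            for hdr, setting in vty_transport_settings(config, default_input)
            if {"telnet", "all"} & set(setting.split())]

if __name__ == "__main__":
    for hdr, setting in telnet_exposed(SAMPLE_CONFIG):
        print(f"{hdr}: accepts Telnet (transport input {setting})")
```
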