Cisco warns of a new critical zero-day vulnerability in Cisco IOS and Cisco IOS XE software. The company described the vulnerability with the highest level of criticality and discovered it by analyzing the files leaked through "Vault 7" from Wikileaks last week.
The records contain details and describe hacking tools and tactics of the US Central Intelligence Agency (CIA).
The vulnerability exists in its Cluster Management Protocol (CMP) processing code software Cisco IOS and Cisco IOS XE.
If the defect is exploited (CVE-2017-3881) could allow a remote attacker to restart the device or run a malicious code remotely with increased rights to take full control, according to Cisco.
The CMP protocol is designed to transmit information between system members using the Telnet or SSH service.
The vulnerability is Cisco's default configuration and can be exploited during a Telnet session on IPv4 or IPv6.
The vulnerability affects 264 Catalyst switches, 51 industrial Ethernet switches, and 3 others Appliances, που συμπεριλαμβάνουν τα Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2/3 EtherSwitch Service Modules, Enhanced Layer 2 EtherSwitch Service Module, ME 4924-10GE switch, IE Industrial Ethernet switches, RF Gateway 10, SM-X Layer 2/3 EtherSwitch Service Module, and Gigabit Ethernet Switch Module (CGESM) for HP.
Currently, the vulnerability is unpatched, and until updates are released, Cisco recommends that everyone using its devices completely disable connections Telnet and use SSH.