Cisco Patches Up Zero-Day Used by CIA to Exploit Hundreds of Switches

[Bot]

Cisco has finally worked out how to kill that critical flaw that the FBI was using to exploit its switches. The company had previously announced that a patch was coming, and now it looks like it finally delivered on that promise.

A few weeks ago it was reported that the CIA was using a zero-day exploit which allowed attackers to issue commands that remotely executed malicious code. This issue affected 318 models of Cisco switches.

The revelation was made by Wikileaks in its Vault 7 leak series where CIA documents regarding its hacking techniques and tools are detailed.

The bug the CIA was exploiting resides in the Cisco Cluster Management Protocol, which uses the telnet protocol to deliver signals and commands on internal networks. The whole problem stems from the failure to restrict the telnet options to local communications and the incorrect p... (read more)

Read more: http://news.softpedia.com/news/cisco-patches-up-zero-day-used-by-cia-to-exploit-hundreds-of-switches-515572.shtml

 

[orphyone]

Need to show this to all my Jr Admins to keep re-enforcing why we don't use Telnet!