Security News Cisco's Investigation into Vault 7 Leak Uncovers 0-Day Affecting 318 Products

[Solarquest]

Over 300 Cisco products are affected by a zero-day vulnerability Cisco discovered last week, and for which no patch is available at the time of writing.

Cisco engineers discovered the zero-day following a company-wide effort to investigate how the recently disclosed WikiLeaks "Vault 7" leak affected the company's products.
......
......

Zero-day affects Cluster Management Protocol (CMP)
While they may not be sure this is the flaw CIA malware exploited, researchers did find a problem in their code.

This vulnerability (CVE-2017-3881) resides in the Cluster Management Protocol code in Cisco IOS and Cisco IOS XE Software. According to Cisco, the firmware installed on 318 product models is currently affected.

More infos in the link above

 

[509322]

days ago I saw this wikileaks news, But from Sisco knew nothing. Thank you. My entire products come from sysco.

Whether you realize it or not, you just publicly divulged valuable infos for any hacker\malc0der that knows how to exploit the Cisco vulnerability (very unlikely), can implement it as a practical, workable exploit (extremely unlikely) and wants to target you (virtually 0 likelihood). That's if your Cisco products are subject to the vulnerability.

Yes, there is vulnerability. If your Cisco products are subject to the vulnerability, is it something to get bent out of shape about ? - no, it's not. Wait for Cisco patch.

 

[Entreri]

According to Arstechinca article:

"The vulnerability mostly affects Cisco Catalyst switches but is also found in Industrial Ethernet switches and embedded services. Cisco plans to release a fix at an unspecified date. While Friday's advisory said there are "no workaround that address this vulnerability,"

I disabled many features on my Win10 machine, including the telnet client.

 

[509322]

According to Arstechinca article:

"The vulnerability mostly affects Cisco Catalyst switches but is also found in Industrial Ethernet switches and embedded services. Cisco plans to release a fix at an unspecified date. While Friday's advisory said there are "no workaround that address this vulnerability,"

I disabled many features on my Windows 10 machine, including the telnet client.

So it doesn't apply to most home users.

I didn't even bother to read the article as it isn't something to get worked-up about.

As is typical, users cry "wolf" with just about any security article. Part of the problem is that the authors of such articles do a poor job of explaining the risks. So the articles are very apt to be understood and when things are applicable to the home user.

 

[Solarquest]

The truth is even professional HW have vulnerabilities and can be hacked.
We need to stay informed and to update regularly, firmware, driver, av, os, etc...

 

[larry goes to church]

I could imagine Cisco saying everyone drop what you're doing we need to work on Vault 7 content tbh.

I was listening to a podcast this morning that was talking about passing laws in the US in regards to disclosure of vulnerabilities / 0days from agencies like the CIA.

The thought is.. what is worth more, protecting your citizens devices from being broken into or breaking into other peoples devices.
This will be a good discussion topic that I can foresee within the next few years becoming huge.