Security Alert Cisco's Investigation into Vault 7 Leak Uncovers 0-Day Affecting 318 Products

Discussion in 'News Archive' started by Solarquest, Mar 20, 2017.

  1. Solarquest

    Solarquest Level 27
    Trusted AV Tester

    Jul 22, 2014
    1,658
    12,472
    Over 300 Cisco products are affected by a zero-day vulnerability Cisco discovered last week, and for which no patch is available at the time of writing.

    Cisco engineers discovered the zero-day following a company-wide effort to investigate how the recently disclosed WikiLeaks "Vault 7" leak affected the company's products.
    ......
    ......

    Zero-day affects Cluster Management Protocol (CMP)
    While they may not be sure this is the flaw CIA malware exploited, researchers did find a problem in their code.

    This vulnerability (CVE-2017-3881) resides in the Cluster Management Protocol code in Cisco IOS and Cisco IOS XE Software. According to Cisco, the firmware installed on 318 product models is currently affected.

    More info in the link above
     
  2. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,084
    8,729
    AppGuard LLC, Virginia, U.S.
    #2 Lockdown, Mar 20, 2017
    Last edited: Mar 20, 2017
    Whether you realize it or not, you just publicly divulged valuable info for any hacker\malc0der that knows how to exploit the Cisco vulnerability (very unlikely), can implement it as a practical, workable exploit (extremely unlikely) and wants to target you (virtually 0 likelihood). That's if your Cisco products are subject to the vulnerability.

    Yes, there is a vulnerability. If your Cisco products are subject to the vulnerability, is it something to get bent out of shape about? - no, it's not. Wait for the Cisco patch.
     
    monsterturckpa and LASER_oneXM like this.
  3. Entreri

    Entreri Level 5

    May 25, 2015
    244
    480
    According to the Ars Technica article:

    "The vulnerability mostly affects Cisco Catalyst switches but is also found in Industrial Ethernet switches and embedded services. Cisco plans to release a fix at an unspecified date. While Friday's advisory said there are "no workaround that address this vulnerability,"

    I disabled many features on my Win10 machine, including the telnet client.
     
  4. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,084
    8,729
    AppGuard LLC, Virginia, U.S.
    #4 Lockdown, Mar 20, 2017
    Last edited: Mar 20, 2017
    So it doesn't apply to most home users.

    I didn't even bother to read the article as it isn't something to get worked-up about.

    As is typical, users cry "wolf" with just about any security article. Part of the problem is that the authors of such articles do a poor job of explaining the risks. So the articles are very apt to be understood and when things are applicable to the home user.
     
    Umbra likes this.
  5. Solarquest

    Solarquest Level 27
    Trusted AV Tester

    Jul 22, 2014
    1,658
    12,472
    The truth is even professional HW has vulnerabilities and can be hacked.
    We need to stay informed and to update regularly: firmware, driver, av, os, etc...
     
  6. larry goes to church

    Mar 10, 2017
    100
    141
    antartica
    Elementary OS
    Qihoo 360
    I could imagine Cisco saying everyone drop what you're doing we need to work on Vault 7 content tbh.

    I was listening to a podcast this morning that was talking about passing laws in the US in regards to disclosure of vulnerabilities / 0days from agencies like the CIA.

    The thought is.. what is worth more, protecting your citizens' devices from being broken into or breaking into other people's devices.
    This will be a good discussion topic that I can foresee within the next few years becoming huge.
     