Security News Cisco's Investigation into Vault 7 Leak Uncovers 0-Day Affecting 318 Products

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Over 300 Cisco products are affected by a zero-day vulnerability Cisco discovered last week, and for which no patch is available at the time of writing.

Cisco engineers discovered the zero-day following a company-wide effort to investigate how the recently disclosed WikiLeaks "Vault 7" leak affected the company's products.
......
......

Zero-day affects Cluster Management Protocol (CMP)
While they may not be sure this is the flaw CIA malware exploited, researchers did find a problem in their code.

This vulnerability (CVE-2017-3881) resides in the Cluster Management Protocol code in Cisco IOS and Cisco IOS XE Software. According to Cisco, the firmware installed on 318 product models is currently affected.

More info in the link above
 

509322

days ago I saw this WikiLeaks news, but from Cisco I knew nothing. Thank you. My entire products come from Cisco.

Whether you realize it or not, you just publicly divulged valuable info for any hacker\malc0der that knows how to exploit the Cisco vulnerability (very unlikely), can implement it as a practical, workable exploit (extremely unlikely) and wants to target you (virtually 0 likelihood). That's if your Cisco products are subject to the vulnerability.

Yes, there is a vulnerability. If your Cisco products are subject to the vulnerability, is it something to get bent out of shape about? No, it's not. Wait for the Cisco patch.
 

Entreri

Level 7
Verified
May 25, 2015
342
According to the Ars Technica article:

"The vulnerability mostly affects Cisco Catalyst switches but is also found in Industrial Ethernet switches and embedded services. Cisco plans to release a fix at an unspecified date. While Friday's advisory said there are "no workaround that address this vulnerability,"

I disabled many features on my Win10 machine, including the telnet client.
 

509322

According to the Ars Technica article:

"The vulnerability mostly affects Cisco Catalyst switches but is also found in Industrial Ethernet switches and embedded services. Cisco plans to release a fix at an unspecified date. While Friday's advisory said there are "no workaround that address this vulnerability,"

I disabled many features on my Windows 10 machine, including the telnet client.

So it doesn't apply to most home users.

I didn't even bother to read the article as it isn't something to get worked-up about.

As is typical, users cry "wolf" with just about any security article. Part of the problem is that the authors of such articles do a poor job of explaining the risks. So the articles are very apt to be understood and when things are applicable to the home user.
 

Solarquest

The truth is even professional HW has vulnerabilities and can be hacked.
We need to stay informed and to update regularly: firmware, drivers, AV, OS, etc.
 

larry goes to church

Level 3
Verified
Mar 10, 2017
103
I could imagine Cisco saying everyone drop what you're doing we need to work on Vault 7 content tbh.

I was listening to a podcast this morning that was talking about passing laws in the US in regards to disclosure of vulnerabilities / 0days from agencies like the CIA.

The thought is... what is worth more, protecting your citizens' devices from being broken into or breaking into other people's devices?
This will be a good discussion topic that I can foresee within the next few years becoming huge.
 
