Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness


A vulnerability in Cisco’s widely deployed IOS software, disclosed in the recent WikiLeaks dump of CIA exploits, has prompted the company to issue a critical warning to its Catalyst networking customers.


The vulnerability — which could let an attacker cause a reload of an affected device or remotely execute code and take over a device — impacts more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.

Specifically, the vulnerability is contained in the Cluster Management Protocol, which uses Telnet as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors, Cisco said:
