Tuesday, March 21, 2017

Cisco's CIA Vault7 exploit in context

Cisco issued a security bulletin on March 17, disclosing a remote code execution vulnerability in the Cluster Management Protocol function of IOS and IOS XE software, affecting over 300 Cisco switches and routers. Through this vulnerability, remote attackers can take complete control of a network device.

Cisco discovered the flaw while going through the WikiLeaks "Vault7" documents believed to have come from the CIA, suggesting that the flaw has been actively exploited. Naturally, every tech writer on the planet has rushed in to write doom and gloom stories of mass exploitation.

Slow down just a bit.

Those following long-standing best practices for securing infrastructure hardware are not at risk. The vulnerability can only be exploited through the Telnet protocol, and requires access to the management interface of a switch. 

Telnet communicates with a remote device unencrypted - transmitting usernames and passwords, as well as commands and configuration details, in the clear where anyone listening can intercept them. All modern switches and routers support SSH, which serves the same purpose but with an encrypted connection.

Disable the Telnet service on your Cisco switches, restrict management to an isolated management network, and update the OS as soon as practical once Cisco issues a fix.

Carry on.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

No comments:

Post a Comment

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.