300 Cisco Switches Vulnerable to Flaw in WikiLeaks’ CIA Dump

Telecommunications

The Cisco security team issued a critical advisory after combing through WikiLeaks' dump of alleged CIA hacking tools.

The Friday alert disclosed a vulnerability in the cluster management protocol in Cisco IOS and Cisco IOS XE software that could allow a remote attacker to control devices. The flaw may affect 300 switches.

Cisco said there are no workarounds for the issue, but the company recommends disabling the Telnet protocol for incoming connections and using the Secure Shell protocol.

WikiLeaks boasted its Vault 7 documents include “dozens of zero days” though it did not publish the code, so the claims are hard to verify. The website also said it would share the zero days with affected tech companies, but Motherboard reported WikiLeaks is waiting until certain, undisclosed demands are met.