Cybersecurity, Multiven, Network Maintenance, Non classé, Wikileaks

Vault7 : Cisco Fixes CIA Exploits in Over 300 Different Switch Models

On March 9 2017, Multiven informed you of severe security vulnerabilities affecting over300 different Cisco switch models that were part of the leaked CIA exploits disclosed by Wikileaks in the Vault 7 leaks.

When exploited, this vulnerability would allow a cyberattacker to remotely take full control (or cause the reload of your switches) of your network via a simple telnet connection and compromise all your data traversing it.

Find below a proof-of-concept Remote Code Exploitation of this defect:

Cisco Catalyst Remote Code Execution

Even though disabling Telnet is a workaround, if you have an affected switch model in your network, Multiven strongly advises that you upgrade to a software version with fixes for this vulnerability.

Accordingly, please contact Cisco and reference the advisory below to get your free fixes:

Cisco Security Advisory

If you are unsuccessful with getting Cisco to provide you the fixed software, please create a Multiven TAC Support Task with the title “Request Fix for Cisco DDTS CSCvd48893” and provide the serial numbers of all affected devices so Multiven can secure the fixes on your behalf.

Laisser un commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:

Logo WordPress.com

Vous commentez à l'aide de votre compte WordPress.com. Déconnexion / Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion / Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion / Changer )

Photo Google+

Vous commentez à l'aide de votre compte Google+. Déconnexion / Changer )

Connexion à %s