Cisco has issued a security advisory that a bug in the cluster management protocol code of its IOS and IOS XE software may have affected 300 of its switches and can be exploited by a malformed protocol-specific Telnet command, reports ZDNet. Though the company is yet to issue a patch, it says disabling Telnet could remove some risks.
The flaw was discovered by Cisco on Vault7, WikiLeaks’ recent disclosure of CIA’s secret Center for Cyber Intelligence. WikiLeaks faces criticism for not having edited out all sensitive information in its disclosures and is also under fire for reportedly not providing details of vulnerabilities to affected companies.
However, a WikiLeaks spokesman said that "Fortunately, WikiLeaks' Vault7 has permitted Cisco's security team to identity the vulnerability without releasing the exploit code."
Cisco was involved in a similar issue last year when two vulnerabilities found in hacking tools, allegedly created by the National Security Agency, were identified to impact its products.
Click here for details.