The vulnerability was disclosed by WikiLeaks in documents dubbed CIA Vault 7. It is believed that this vulnerability was used by CIA agents to penetrate government and corporate networks.
Vulnerable component: Cisco IOS
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-20 - Improper Input Validation
The vulnerability allows a remote attacker to gain access to vulnerable device.
The vulnerability exists due to improper input validation in Cisco Cluster Management Protocol (CMP) implementation and failure to restrict usage of CMP-specific Telnet options only to internal, local communications between cluster members. A remote unauthenticated attacker can send specially crafted CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections and cause the affected device to reload or obtain full control over vulnerable device.
Successful exploitation of this vulnerability may allow an attacker to gain full access to vulnerable device.
Note: information about this vulnerability was publicly disclosed by WikiLeaks documents dubbed CIA Vault 7.
Latest references in media:
- Security Affairs newsletter Round 110 тАУ News of the week [2017-05-15 19:00:38]
- Cisco patched CVE-2017-3881 IOS XE Vulnerability leaked in CIA Vault 7 Dump [2017-05-11 09:40:10]
- Cisco Patches IOS XE Vulnerability Leaked in Vault 7 Dump [2017-05-10 16:10:58]
- Cisco has finally released patches for a zero-day vulnerability CVE-2017-3881, that affects over 300 Network Switch Models, disclosed 51 days back in CIA Vault 7 Leak by Wikileaks. [2017-05-10 14:30:26]
- Cisco Patches CIA Zero-Day Affecting Hundreds of Switches [2017-05-10 13:20:13]
- Cisco patches leaked 0-day in 300+ of its switches [2017-05-10 10:50:13]
- Cisco patches switch hijacking hole тАУ the one exploited by the CIA [2017-05-09 20:30:01]
- Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump [2017-03-20 18:30:46]
- Cisco's Investigation into Vault 7 Leak Uncovers 0-Day Affecting 318 Products [2017-03-20 14:40:25]
- Cisco Finds Zero-Day Vulnerability in 'Vault 7' Leak [2017-03-20 10:20:15]
Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.