Top Categories

Spotlight

todayMarch 28, 2020

Case Study Mjolnir Security

Attack Type – Exploitation of novel / 0-day vulnerability

Scenario: Org2 is a specialist technology company based in the UK. The Org2 IT security operations team responded to an alert from its corporate anti-virus provider that a copy of password stealing malware had been found on three of its domain controllers. This was a serious incident, and an investigation [...]

Top Voted
Sorry, there is nothing for the moment.

A simple command allows the CIA to commandeer 318 models of Cisco switches

Cisco Mjolnir Security todayMarch 20, 2017

Background
share close
Header image from: https://arstechnica.com

Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.

Cisco researchers said they discovered the vulnerability as they analyzed a cache of documents that are believed to have been stolen from the CIA and published by WikiLeaks two weeks ago. The flaw, found in at least 318 switches, allows remote attackers to execute code that runs with elevated privileges, Cisco warned in an advisory published Friday. The bug resides in the Cisco Cluster Management Protocol (CMP), which uses the telnet protocol to deliver signals and commands on internal networks. It stems from a failure to restrict telnet options to local communications and the incorrect processing of malformed CMP-only telnet options.

Read more on ArsTechnica’s analysis here: https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/

Written by: Mjolnir Security

Tagged as: , , , , .

Previous post

Similar posts