Thanks to the CIA, Cisco Vulnerability Remains Hidden, Affects Thousands of Devices

Around three hundred of Cisco’s switch models are in trouble, all thanks to the Central Intelligence Agency.


Around three hundred of Cisco’s switch models such as Cisco Catalyst 2350-48TD-S, Cisco Catalyst 2350-48TD-SD, Cisco Catalyst 2360-48TD-S, Cisco Catalyst 2918-24TC-C, Cisco Catalyst 2918-24TT-C, Cisco Catalyst 2918-48TC-C, Cisco Catalyst 2918-48TT-C amongst others, have been affected by a vulnerability the CIA were well aware of. The networking company made this announcement while analysing the leaked Vault 7 CIA documents published by WikiLeaks – over 8,000 documents detailing hacking tools and methods used by the CIA for cyber spying.

The problem in Cisco’s switch models is housed in the Cluster Management Protocol’s code that is embedded in Cisco’s operating systems: the Cisco IOS and Cisco IOS XE.

Image Source: Google Image – Cisco headquarters in San José, California in Silicon Valley.

Cisco says this vulnerability may allow a hacker to gain remote access to the machine. Moreover, the hacker will be able to shut it down, restart it, install and run a malicious code on a device with administrative rights that will further give the hacker full access. The Cluster Management Protocol allows switch clusters to exchange information between each other using Secure Shell (SSH) or Telnet protocols.

The Devil is in the Details

According to the company, the problem lies within the default settings of the compromised devices. The advantage of this flaw can be taken once the Telnet sessions are being exchanged between the IPv4 or IPv6 protocols.

The company says the problem occurs in the Cluster Management Protocol because of two major problems. Firstly, the system doesn’t limit the use of Cluster Management Protocol specified to Telnet options. Rather, it inquires and executes those commands and sends it to the Telnet connected device.

Image Source: In 2010, Secretary of State Hillary Clnton awarded Cisco the Secretary of State’s Award for Corporate Excellence, which was presented in Jerusalem by Ambassador James B. Cunningham to Cisco Senior Manager Zika Abzuk.

Secondly is the very basic incorrect execution of abnormal Cluster Management Protocol options that allows taking control over the switch models.

Furthermore, for the hacker to use the vulnerability to their advantage, all they need to do is send a “malformed Cluster Management Protocol with specific Telnet protocol options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections,” says the company.

Image Source: Google Image – John T. Chambers led Cisco as its CEO between 1995 and 2015. (Pictured at 2010 World Economic Forum, in Davos, Switzerland).

This particular vulnerability gives the hackers the advantage to install the malicious code in the affected devices, whenever and wherever they want.

Disable Them for Now

The flaw in the default system includes over 200 different Catalyst switches and more than fifty commercial Ethernet switches.

Image Source: Google Image – Cisco’s product for a small business – SG300-28 28-port Gigabit Ethernet – rackmount switch.

The company has yet to create a patch for this problem. However, Cisco is telling its customers to disable the flawed Telnet protocol and turn to the SSH protocol.

Cisco has stated that they were unable to discover any working exploits that were created to use this flaw. However, if one is to be made or discovered, then there are going to be thousands of machines and businesses around the world that will end up hanging by a thread. As soon as the updated patch comes out, Cisco will update its IOS Software Checker along with it.

Source: The Register, Cisco, WikiLeaks

This article (Thanks to the CIA, Cisco Vulnerability Remains Hidden, Affects Thousands of Devices) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and

Supporting Anonymous’ Independent & Investigative News is important to us. Please, follow us on Twitter:


Get Your Anonymous T-Shirt / Sweatshirt / Hoodie / Tanktop, Smartphone or Tablet Cover or Mug In Our Spreadshirt Shop! Click Here



Please enter your comment!
Please enter your name here