View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Cisco CMP vulnerability: everything you need to know

Leaked CIA documents expose Cisco security weak points

By Tom Ball

Cisco has conducted an internal investigation and found that the Cluster Management Protocol (CMP) code for Cisco IOS and IOS XE contained a vulnerability. This issue poses the threat of remote execution issues for Cisco products.

The investigation was prompted when WikiLeaks came forward with a set of leaked CIA documents that included information on comprising smartphones and smart TVs. These details alerted Cisco to weak areas in over 300 models of its switches.

Cisco’s security team issued an advisory warning to customers using the two versions of the software, stating that they could be vulnerable to attack according to the CIA documents released by WikiLeaks.

Listed as ‘critical’ on the Cisco Advisories and Alerts page, the advisory said:  “A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.”


The vulnerability is rooted in the Cisco’s CMP use of Telnet for internal signalling, as Telnet can be left open to commands from the outside. The information found in the CIA leak exposed the possibility that a hacker could initiate a new Telnet session. This would give the infiltrator access to run arbitrary code remotely.

Once in a hacker would be able to take control of the device and monitor and have influence over all of the traffic going through the switch. The issue cannot be fixed with a patch, as devices process all telnet commands; this can only be stopped with the action of disable incoming connections for Telnet, or to compile an access list.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?
READ MORE: Apple held to Bitcoin ransom as hackers hold 200m iCloud accounts captive

Paul Calatayud, chief technology officer at FireMon said: “It is always a good thing when a security vendor takes a proactive approach in discovering and announcing that there is a new exploit. Cisco did the right thing here. Even better, there is a simple fix which it to disable Telnet, and use stronger protocols that are available and supported.

“This action would be part of any CISO’s best practice anyway, so the question is do you have technologies that can assist in managing configurations to properly inform you that you are using risky protocols? If the answer is no, then the window that attackers have to take advantage of the weak point could be a lot bigger than those who do, making your organisation incredibly vulnerable to attack.”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.