One of the revelations that will always astonish me is the pervasiveness and efficiency of state surveillance. Recently, the CIA had an internal wiki database exposed through WikiLeaks. Hearkening back to the days of the Snowden revelations, we are now discovering that he intelligence agency is sitting on a treasure trove of exploits and vulnerabilities. The latest gold mine is a vulnerability that impacts at least 318 different models of Cisco network switches.
Switches are critical to networks as all communication runs through them. Using a bug in the Cisco Cluster Management Protocol, attackers can use the telnet protocol to send malicious code to the switch. Due to the way telnet is handled on the switches, there is no limit on the code the attacker can tell the switch to run, allowing them full access. Once the attacker is in, all of the unsecured internal communication going over the switches can be eavesdropped easily.
For now, Cisco is suggesting that customer disable telnet on their switches. However, there are likely other exploits that Cisco is not yet aware of, or not yet willing to disclose until they have a fix. Switches have long been a target due to their role in networks, with the NSA going as far as to intercept physical shipments to tamper with them. Due to the size of the CIA breach, we can expect many more vulnerabilities to be disclosed over the coming days and weeks for pretty much every technology product worth hacking.
