Geekly articles weekly

318 Cisco Switch Models contêm vulnerabilidade da CIA


Switch vulnerável Cisco Catalyst 2960G-48TC-L. Foto: Cisco

A Cisco publicou informações (ID do boletim: cisco-sa-20170317-cmp) sobre uma vulnerabilidade crítica no CMP (Cluster Management Protocol), fornecido com o Cisco IOS XE Software. Vulnerabilidade CVE-2017-3881 pode permitir a execução remota de código com privilégios elevados no sistema operacional do gateway Cisco IOS por qualquer usuário remoto não autorizado (que conheça o bug).

Os oficiais da CIA sabiam disso com certeza, o que se segue dos documentos publicados no site do Wikileaks como parte do projeto Vault 7 (Year Zero) . Os especialistas em segurança da Cisco dizem ter encontrado informações de vulnerabilidade analisando esses documentos.

O CMP é baseado no telnet , mas suporta parâmetros específicos. O bug está conectado ao processamento incorreto precisamente desses parâmetros específicos do CMP, que foram obtidos pelo telnet. Quais parâmetros específicos devem ser usados ​​para exibir um erro ao processar uma solicitação não são relatados.

A Cisco publica instruções sobre como verificar o CMP no software executado no dispositivo.

Verificação CMP:

show subsys class protocol | include ^cmp

Se o subsistema CMP estiver ausente, a resposta será:

Switch#show subsys class protocol | include ^cmp
Switch#

Se o subsistema CMP estiver presente, a resposta será a seguinte:

Switch#show subsys class protocol | include ^cmp
cmp Protocol 1.000.001
Switch#

Se você possui um subsistema CMP em seu comutador, pode verificar se o CMP aceita conexões de telnet recebidas. E, consequentemente, é possível realizar o ataque mencionado com execução remota de código por meio de um comando especialmente formado.

Verifique o suporte de entrada do telnet:

show running-config | include ^line vty|transport input

Por exemplo, se você usar as configurações padrão, a linha do terminal virtual (VTY) indicará simplesmente os números dos terminais sem nenhuma nota especial:

Switch#show running-config | include ^line vty|transport input
line vty 0 4
line vty 5 15
Switch#

As configurações padrão incluem conexões telnet recebidas em todos os terminais virtuais de 0 a 15. Portanto, essa é uma configuração vulnerável.

Para comparação, aqui está uma configuração especial em que apenas SSH é permitido em todos os terminais virtuais:

Switch#show running-config | include ^line vty|transport input
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
Switch#

Essa configuração não seria vulnerável.

A Cisco verificou as versões do Cisco IOS XE Software e descobriu uma lista de 318 switches e outros dispositivos de rede afetados por esta vulnerabilidade. Se o dispositivo não estiver listado, é definitivamente seguro.

A lista inclui 264 comutadores da série Catalyst, 40 comutadores da série Ethernet Industrial e 14 outros dispositivos Cisco.

Modelos de dispositivos vulneráveis
  • Switch Cisco Catalyst 2350-48TD-S
  • Switch Cisco Catalyst 2350-48TD-SD
  • Switch Cisco Catalyst 2360-48TD-S
  • Switch Cisco Catalyst 2918-24TC-C
  • Switch Cisco Catalyst 2918-24TT-C
  • Switch Cisco Catalyst 2918-48TC-C
  • Switch Cisco Catalyst 2918-48TT-C
  • Switch Cisco Catalyst 2928-24TC-C
  • Switch Cisco Catalyst 2960-24-S
  • Switch Cisco Catalyst 2960-24LC-S
  • Switch Cisco Catalyst 2960-24LT-L
  • Switch Cisco Catalyst 2960-24PC-L
  • Switch Cisco Catalyst 2960-24PC-S
  • Switch Cisco Catalyst 2960-24TC-L
  • Switch Cisco Catalyst 2960-24TC-S
  • Switch Cisco Catalyst 2960-24TT-L
  • Switch Cisco Catalyst 2960-48PST-L
  • Switch Cisco Catalyst 2960-48PST-S
  • Switch Cisco Catalyst 2960-48TC-L
  • Switch Cisco Catalyst 2960-48TC-S
  • Switch Cisco Catalyst 2960-48TT-L
  • Switch Cisco Catalyst 2960-48TT-S
  • Switch compacto Cisco Catalyst 2960-8TC-L
  • Switch Cisco Catalyst 2960-8TC-S Compact
  • Switch Cisco Catalyst 2960-Plus 24LC-L
  • Switch Cisco Catalyst 2960-Plus 24LC-S
  • Switch Cisco Catalyst 2960-Plus 24PC-L
  • Switch Cisco Catalyst 2960-Plus 24PC-S
  • Switch Cisco Catalyst 2960-Plus 24TC-L
  • Switch Cisco Catalyst 2960-Plus 24TC-S
  • Switch Cisco Catalyst 2960-Plus 48PST-L
  • Switch Cisco Catalyst 2960-Plus 48PST-S
  • Switch Cisco Catalyst 2960-Plus 48TC-L
  • Switch Cisco Catalyst 2960-Plus 48TC-S
  • Switch Cisco Catalyst 2960C-12PC-L
  • Switch Cisco Catalyst 2960C-8PC-L
  • Switch Cisco Catalyst 2960C-8TC-L
  • Switch Cisco Catalyst 2960C-8TC-S
  • Comutador compacto Cisco Catalyst 2960CG-8TC-L
  • Switch Cisco Catalyst 2960CPD-8PT-L
  • Switch Cisco Catalyst 2960CPD-8TT-L
  • Switch Cisco Catalyst 2960CX-8PC-L
  • Switch Cisco Catalyst 2960CX-8TC-L
  • Switch Cisco Catalyst 2960G-24TC-L
  • Switch Cisco Catalyst 2960G-48TC-L
  • Comutador compacto Cisco Catalyst 2960G-8TC-L
  • Switch Cisco Catalyst 2960L-16PS-LL
  • Switch Cisco Catalyst 2960L-16TS-LL
  • Switch Cisco Catalyst 2960L-24PS-LL
  • Switch Cisco Catalyst 2960L-24TS-LL
  • Switch Cisco Catalyst 2960L-48PS-LL
  • Switch Cisco Catalyst 2960L-48TS-LL
  • Switch Cisco Catalyst 2960L-8PS-LL
  • Switch Cisco Catalyst 2960L-8TS-LL
  • Comutador compacto Cisco Catalyst 2960PD-8TT-L
  • Switch Cisco Catalyst 2960S-24PD-L
  • Switch Cisco Catalyst 2960S-24PS-L
  • Switch Cisco Catalyst 2960S-24TD-L
  • Switch Cisco Catalyst 2960S-24TS-L
  • Switch Cisco Catalyst 2960S-24TS-S
  • Switch Cisco Catalyst 2960S-48FPD-L
  • Switch Cisco Catalyst 2960S-48FPS-L
  • Switch Cisco Catalyst 2960S-48LPD-L
  • Switch Cisco Catalyst 2960S-48LPS-L
  • Switch Cisco Catalyst 2960S-48TD-L
  • Switch Cisco Catalyst 2960S-48TS-L
  • Switch Cisco Catalyst 2960S-48TS-S
  • Switch Cisco Catalyst 2960S-F24PS-L
  • Switch Cisco Catalyst 2960S-F24TS-L
  • Switch Cisco Catalyst 2960S-F24TS-S
  • Switch Cisco Catalyst 2960S-F48FPS-L
  • Switch Cisco Catalyst 2960S-F48LPS-L
  • Switch Cisco Catalyst 2960S-F48TS-L
  • Switch Cisco Catalyst 2960S-F48TS-S
  • Switch Cisco Catalyst 2960X-24PD-L
  • Switch Cisco Catalyst 2960X-24PS-L
  • Switch legal Cisco Catalyst 2960X-24PSQ-L
  • Switch Cisco Catalyst 2960X-24TD-L
  • Switch Cisco Catalyst 2960X-24TS-L
  • Switch Cisco Catalyst 2960X-24TS-LL
  • Switch Cisco Catalyst 2960X-48FPD-L
  • Switch Cisco Catalyst 2960X-48FPS-L
  • Switch Cisco Catalyst 2960X-48LPD-L
  • Switch Cisco Catalyst 2960X-48LPS-L
  • Switch Cisco Catalyst 2960X-48TD-L
  • Switch Cisco Catalyst 2960X-48TS-L
  • Switch Cisco Catalyst 2960X-48TS-LL
  • Switch Cisco Catalyst 2960XR-24PD-I
  • Switch Cisco Catalyst 2960XR-24PD-L
  • Switch Cisco Catalyst 2960XR-24PS-I
  • Switch Cisco Catalyst 2960XR-24PS-L
  • Switch Cisco Catalyst 2960XR-24TD-I
  • Switch Cisco Catalyst 2960XR-24TD-L
  • Switch Cisco Catalyst 2960XR-24TS-I
  • Switch Cisco Catalyst 2960XR-24TS-L
  • Switch Cisco Catalyst 2960XR-48FPD-I
  • Switch Cisco Catalyst 2960XR-48FPD-L
  • Switch Cisco Catalyst 2960XR-48FPS-I
  • Switch Cisco Catalyst 2960XR-48FPS-L
  • Switch Cisco Catalyst 2960XR-48LPD-I
  • Switch Cisco Catalyst 2960XR-48LPD-L
  • Switch Cisco Catalyst 2960XR-48LPS-I
  • Switch Cisco Catalyst 2960XR-48LPS-L
  • Switch Cisco Catalyst 2960XR-48TD-I
  • Switch Cisco Catalyst 2960XR-48TD-L
  • Switch Cisco Catalyst 2960XR-48TS-I
  • Switch Cisco Catalyst 2960XR-48TS-L
  • Switch Cisco Catalyst 2970G-24T
  • Switch Cisco Catalyst 2970G-24TS
  • Switch Cisco Catalyst 2975
  • Switch Cisco Catalyst 3550 12G
  • Switch Cisco Catalyst 3550 12T
  • Switch Cisco Catalyst 3550 24 DC SMI
  • Switch Cisco EMI 2450 Cisco Catalyst
  • Switch Cisco Catalyst 3550 24 FX SMI
  • Switch Cisco Catalyst 3550 24 PWR
  • Switch Cisco Catalyst 3550 24 SMI
  • Switch EMI Cisco Catalyst 3550 48
  • Switch Cisco Catalyst 3550 48 SMI
  • Switch Cisco Catalyst 3560-12PC-S Compact
  • Switch Cisco Catalyst 3560-24PS
  • Switch Cisco Catalyst 3560-24TS
  • Switch Cisco Catalyst 3560-48PS
  • Switch Cisco Catalyst 3560-48TS
  • Switch compacto Cisco Catalyst 3560-8PC
  • Switch Cisco Catalyst 3560C-12PC-S
  • Switch Cisco Catalyst 3560C-8PC-S
  • Switch compacto Cisco Catalyst 3560CG-8PC-S
  • Switch compacto Cisco Catalyst 3560CG-8TC-S
  • Comutador compacto Cisco Catalyst 3560CPD-8PT-S
  • Switch Cisco Catalyst 3560CX-12PC-S
  • Switch Cisco Catalyst 3560CX-12PD-S
  • Switch Cisco Catalyst 3560CX-12TC-S
  • Switch Cisco Catalyst 3560CX-8PC-S
  • Switch Cisco Catalyst 3560CX-8PT-S
  • Switch Cisco Catalyst 3560CX-8TC-S
  • Switch Cisco Catalyst 3560CX-8XPD-S
  • Switch Cisco Catalyst 3560E-12D-E
  • Switch Cisco Catalyst 3560E-12D-S
  • Switch Cisco Catalyst 3560E-12SD-E
  • Switch Cisco Catalyst 3560E-12SD-S
  • Switch Cisco Catalyst 3560E-24PD-E
  • Switch Cisco Catalyst 3560E-24PD-S
  • Switch Cisco Catalyst 3560E-24TD-E
  • Switch Cisco Catalyst 3560E-24TD-S
  • Switch Cisco Catalyst 3560E-48PD-E
  • Switch Cisco Catalyst 3560E-48PD-EF
  • Switch Cisco Catalyst 3560E-48PD-S
  • Switch Cisco Catalyst 3560E-48PD-SF
  • Switch Cisco Catalyst 3560E-48TD-E
  • Switch Cisco Catalyst 3560E-48TD-S
  • Switch Cisco Catalyst 3560G-24PS
  • Switch Cisco Catalyst 3560G-24TS
  • Switch Cisco Catalyst 3560G-48PS
  • Switch Cisco Catalyst 3560G-48TS
  • Switch Cisco Catalyst 3560V2-24DC
  • Switch Cisco Catalyst 3560V2-24PS
  • Switch Cisco Catalyst 3560V2-24TS
  • Switch Cisco Catalyst 3560V2-48PS
  • Switch Cisco Catalyst 3560V2-48TS
  • Switch Cisco Catalyst 3560X-24P-E
  • Switch Cisco Catalyst 3560X-24P-L
  • Switch Cisco Catalyst 3560X-24P-S
  • Switch Cisco Catalyst 3560X-24T-E
  • Switch Cisco Catalyst 3560X-24T-L
  • Switch Cisco Catalyst 3560X-24T-S
  • Switch Cisco Catalyst 3560X-24U-E
  • Switch Cisco Catalyst 3560X-24U-L
  • Switch Cisco Catalyst 3560X-24U-S
  • Switch Cisco Catalyst 3560X-48P-E
  • Switch Cisco Catalyst 3560X-48P-L
  • Switch Cisco Catalyst 3560X-48P-S
  • Switch Cisco Catalyst 3560X-48PF-E
  • Switch Cisco Catalyst 3560X-48PF-L
  • Switch Cisco Catalyst 3560X-48PF-S
  • Switch Cisco Catalyst 3560X-48T-E
  • Switch Cisco Catalyst 3560X-48T-L
  • Switch Cisco Catalyst 3560X-48T-S
  • Switch Cisco Catalyst 3560X-48U-E
  • Switch Cisco Catalyst 3560X-48U-L
  • Switch Cisco Catalyst 3560X-48U-S
  • Switch Cisco Catalyst 3750 Metro 24-AC
  • Switch Cisco Catalyst 3750 Metro 24-DC
  • Switch Cisco Catalyst 3750-24FS
  • Switch Cisco Catalyst 3750-24PS
  • Switch Cisco Catalyst 3750-24TS
  • Switch Cisco Catalyst 3750-48PS
  • Switch Cisco Catalyst 3750-48TS
  • Switch Cisco Catalyst 3750E-24PD-E
  • Switch Cisco Catalyst 3750E-24PD-S
  • Switch Cisco Catalyst 3750E-24TD-E
  • Switch Cisco Catalyst 3750E-24TD-S
  • Switch Cisco Catalyst 3750E-48PD-E
  • Switch Cisco Catalyst 3750E-48PD-EF
  • Switch Cisco Catalyst 3750E-48PD-S
  • Switch Cisco Catalyst 3750E-48PD-SF
  • Switch Cisco Catalyst 3750E-48TD-E
  • Switch Cisco Catalyst 3750E-48TD-S
  • Switch Cisco Catalyst 3750G-12S
  • Switch Cisco Catalyst 3750G-12S-SD
  • Switch Cisco Catalyst 3750G-16TD
  • Switch Cisco Catalyst 3750G-24PS
  • Switch Cisco Catalyst 3750G-24T
  • Switch Cisco Catalyst 3750G-24TS
  • Switch Cisco Catalyst 3750G-24TS-1U
  • Switch Cisco Catalyst 3750G-48PS
  • Switch Cisco Catalyst 3750G-48TS
  • Switch Cisco Catalyst 3750V2-24FS
  • Switch Cisco Catalyst 3750V2-24PS
  • Switch Cisco Catalyst 3750V2-24TS
  • Switch Cisco Catalyst 3750V2-48PS
  • Switch Cisco Catalyst 3750V2-48TS
  • Switch Cisco Catalyst 3750X-12S-E
  • Switch Cisco Catalyst 3750X-12S-S
  • Switch Cisco Catalyst 3750X-24P-E
  • Switch Cisco Catalyst 3750X-24P-L
  • Switch Cisco Catalyst 3750X-24P-S
  • Switch Cisco Catalyst 3750X-24S-E
  • Switch Cisco Catalyst 3750X-24S-S
  • Switch Cisco Catalyst 3750X-24T-E
  • Switch Cisco Catalyst 3750X-24T-L
  • Switch Cisco Catalyst 3750X-24T-S
  • Switch Cisco Catalyst 3750X-24U-E
  • Switch Cisco Catalyst 3750X-24U-L
  • Switch Cisco Catalyst 3750X-24U-S
  • Switch Cisco Catalyst 3750X-48P-E
  • Switch Cisco Catalyst 3750X-48P-L
  • Switch Cisco Catalyst 3750X-48P-S
  • Switch Cisco Catalyst 3750X-48PF-E
  • Switch Cisco Catalyst 3750X-48PF-L
  • Switch Cisco Catalyst 3750X-48PF-S
  • Switch Cisco Catalyst 3750X-48T-E
  • Switch Cisco Catalyst 3750X-48T-L
  • Switch Cisco Catalyst 3750X-48T-S
  • Switch Cisco Catalyst 3750X-48U-E
  • Switch Cisco Catalyst 3750X-48U-L
  • Switch Cisco Catalyst 3750X-48U-S
  • Supervisor Engine I do Cisco Catalyst 4000
  • Supervisor Engine IV do Cisco Catalyst 4000/4500
  • Supervisor Engine V do Cisco Catalyst 4000/4500
  • Supervisor Engine II-Plus do Cisco Catalyst 4500 Series
  • Supervisor Engine II-Plus-TS do Cisco Catalyst 4500 Series
  • Supervisor Engine V-10GE do Cisco Catalyst 4500 Series
  • Supervisor II-Plus-10GE do Cisco Catalyst 4500 Series
  • Supervisor Engine 6-E do Cisco Catalyst 4500
  • Supervisor Engine 6L-E do Cisco Catalyst 4500
  • Switch Cisco Catalyst 4900M
  • Switch Ethernet de 10 Gigabits Cisco Catalyst 4928
  • Switch Ethernet de 10 Gigabits Cisco Catalyst 4948
  • Switch Cisco Catalyst 4948
  • Switch Ethernet Cisco Catalyst 4948E
  • Switch Ethernet Cisco Catalyst 4948E-F
  • Cisco Catalyst Blade Switch 3020 para HP
  • Cisco Catalyst Blade Switch 3030 para Dell
  • Cisco Catalyst Blade Switch 3032 para Dell M1000E
  • Cisco Catalyst Blade Switch 3040 para FSC
  • Cisco Catalyst Blade Switch 3120 para HP
  • Cisco Catalyst Blade Switch 3120X para HP
  • Cisco Catalyst Blade Switch 3130 para Dell M1000E
  • Switch Cisco Catalyst C2928-24LT-C
  • Switch Cisco Catalyst C2928-48TC-C
  • Módulo 3012 do Cisco Catalyst Switch para IBM BladeCenter
  • Módulo 3110 do Cisco Catalyst Switch para IBM BladeCenter
  • Módulo 3110X do Cisco Catalyst Switch para IBM BladeCenter
  • Comutador Cisco Embedded Service 2020 24TC CON B
  • Comutador CON do Cisco Embedded Service 2020 24TC
  • Switch Cisco Embedded Service 2020 24TC NCP B
  • Comutador Cisco Embedded Service 2020 24TC NCP
  • Comutador Cisco Embedded Service 2020 CON B
  • Comutador CON do Cisco Embedded Service 2020
  • Comutador Cisco Embedded Service 2020 NCP B
  • Switch Cisco Embedded Service 2020 NCP
  • Módulo de serviço EtherSwitch da camada 2 aprimorada da Cisco
  • Módulo de serviço EtherSwitch da camada 2/3 aprimorada da Cisco
  • Módulo de switch Ethernet Gigabit Cisco (CGESM) para HP
  • Switch Ethernet Industrial Cisco IE 2000-16PTC-G
  • Switch Ethernet Industrial Cisco IE 2000-16T67
  • Switch Ethernet Industrial Cisco IE 2000-16T67P
  • Switch Ethernet Industrial Cisco IE 2000-16TC
  • Comutador Ethernet industrial Cisco IE 2000-16TC-G
  • Switch Ethernet Industrial Cisco IE 2000-16TC-GE
  • Comutador Ethernet industrial Cisco IE 2000-16TC-GN
  • Switch Ethernet Industrial Cisco IE 2000-16TC-GX
  • Switch Ethernet Industrial Cisco IE 2000-24T67
  • Comutador Ethernet industrial Cisco IE 2000-4S-TS-G
  • Comutador Ethernet industrial Cisco IE 2000-4T
  • Comutador Ethernet industrial Cisco IE 2000-4T-G
  • Comutador Ethernet industrial Cisco IE 2000-4TS
  • Comutador Ethernet industrial Cisco IE 2000-4TS-G
  • Switch Ethernet Industrial Cisco IE 2000-8T67
  • Comutador Ethernet industrial Cisco IE 2000-8T67P
  • Comutador Ethernet industrial Cisco IE 2000-8TC
  • Switch Ethernet Industrial Cisco IE 2000-8TC-G
  • Switch Ethernet Industrial Cisco IE 2000-8TC-GE
  • Comutador Ethernet industrial Cisco IE 2000-8TC-GN
  • Comutador Ethernet industrial Cisco IE 3000-4TC
  • Comutador Ethernet industrial Cisco IE 3000-8TC
  • Comutador Ethernet industrial Cisco IE-3010-16S-8PC
  • Comutador Ethernet industrial Cisco IE-3010-24TC
  • Switch Ethernet Industrial Cisco IE-4000-16GT4G-E
  • Switch Ethernet Industrial Cisco IE-4000-16T4G-E
  • Comutador Ethernet industrial Cisco IE-4000-4GC4GP4G-E
  • Comutador Ethernet industrial Cisco IE-4000-4GS8GP4G-E
  • Comutador Ethernet industrial Cisco IE-4000-4S8P4G-E
  • Comutador Ethernet industrial Cisco IE-4000-4T4P4G-E
  • Switch Ethernet Industrial Cisco IE-4000-4TC4G-E
  • Comutador Ethernet industrial Cisco IE-4000-8GS4G-E
  • Comutador Ethernet industrial Cisco IE-4000-8GT4G-E
  • Comutador Ethernet industrial Cisco IE-4000-8GT8GP4G-E
  • Comutador Ethernet industrial Cisco IE-4000-8S4G-E
  • Comutador Ethernet industrial Cisco IE-4000-8T4G-E
  • Switch Ethernet Industrial Cisco IE-4010-16S12P
  • Comutador Ethernet industrial Cisco IE-4010-4S24P
  • Switch Ethernet Industrial Cisco IE-5000-12S12P-10G
  • Switch Ethernet Industrial Cisco IE-5000-16S12P
  • Switch Cisco ME 4924-10GE
  • Cisco RF Gateway 10
  • Módulo de serviço EtherSwitch da camada 2/3 do Cisco SM-X

As tentativas de explorar essa vulnerabilidade podem ser vistas nos logs das assinaturas Cisco IPS Signature 7880-0 , Snort SID 41909 e 41910, escreve a Cisco.

É impossível contornar a vulnerabilidade de forma alguma apenas se você desativar completamente as conexões de telnet recebidas e sair do SSH. A Cisco atualmente recomenda essa configuração. Se a desativação do telnet for inaceitável para você, você poderá reduzir a probabilidade de um ataque restringindo o acesso usando as Listas de controle de acesso da proteção de infraestrutura .

A Cisco prometeu lançar um patch no futuro.

A Cisco foi o primeiro grande fabricante de hardware a identificar a vulnerabilidade mencionada nos documentos da CIA. Até o momento, apenas desenvolvedores de software relataram erros de fechamento. Obviamente, os documentos ainda precisam ser cuidadosamente analisados. O site Wikileaks ainda não disponibilizou publicamente os arquivos de exploração da CIA, mas prometeu fornecê-los principalmente aos fornecedores para o fechamento prioritário de vulnerabilidades antes de colocar essas ferramentas nas mãos de todos. Julian Assange também mencionou que a parte publicada do Ano Zero é de apenas 1% do volume total do Vault 7. Os documentos estão na posse do Wikileaks e serão dispostos em partes.

Source: https://habr.com/ru/post/pt402493/

More articles:


All Articles