Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files

Cisco is warning that the software used in hundreds of its products are vulnerable to a "critical"-rated security flaw, which can be easily and remotely exploited with a simple command.

The vulnerability can allow an attacker to remotely gain access and take over an affected device.

More than 300 [Models of Cisco's] switches are affected by the vulnerability, Cisco said in an advisory.

According to the advisory, the bug is found in the cluster management protocol code in Cisco's IOS and IOS XE software, which the company installs on the routers and switches it sells.

An attacker can exploit the vulnerability by sending a malformed protocol-specific Telnet command while establishing a connection to the affected device, because of a flaw in how the protocol fails to properly process some commands.

Cisco said that there are "no workarounds" to address the vulnerability, but it said that disabling Telnet would "eliminate" some risks.

It's not known which documents specifically Cisco were referring to. The company said a software update will fix the issue, but it did not say when it will be released.

The security flaw was discovered by the company's own security researchers in WikiLeaks' most recent disclosure of classified information, released last week....