Turn off Telnet: Zero-Day in Cisco software

Cisco warns of a new critical zero-day vulnerability in Cisco IOS and Cisco IOS XE software. The company rated the vulnerability at its highest level of criticality and discovered it while analyzing the "Vault 7" files leaked by WikiLeaks last week.

The files describe in detail the hacking tools and tactics of the US Central Intelligence Agency (CIA).


The vulnerability exists in the Cluster Management Protocol (CMP) processing code of Cisco IOS and Cisco IOS XE software.

If exploited, the flaw (CVE-2017-3881) could allow a remote attacker to restart the device or run malicious code remotely with elevated privileges and take full control, according to Cisco.

The CMP protocol is designed to transmit information between system members using the Telnet or SSH service.

The vulnerability is present in the default configuration of Cisco devices and can be exploited during an IPv4 or IPv6 Telnet session.

The vulnerability affects 264 Catalyst switches, 51 industrial Ethernet switches, and 3 other devices, including Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2/3 EtherSwitch Service Module, Enhanced Layer 2 EtherSwitch Service Module, ME 4924-10GE switch, IE Industrial Ethernet Switches, RF Gateway 10, SM-X Layer 2/3 EtherSwitch Service Module, and Gigabit Ethernet Switch Module (CGESM) for HP.

See the full list here

Currently, the vulnerability is unpatched, and until updates are released, Cisco recommends that everyone using its devices completely disable Telnet and use SSH.
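
One way to check an exported running-config for VTY lines that still accept Telnet, as an added example that is not from the original article or from Cisco. The sample config is constructed, the function name is hypothetical, and it assumes a VTY block with no explicit `transport input` accepts Telnet.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname sw-access-01
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def vty_lines_allowing_telnet(config_text):
    """Return [(vty_range, reason)] for every VTY block that can accept Telnet."""
    findings = []
    current = None      # VTY range of the block being read, e.g. "0 4"
    transport = None    # tokens after "transport input" in that block

    def close_block():
        if current is None:
            return
        if transport is None:
            # Assumption: no explicit setting means Telnet is accepted.
            findings.append((current, "no explicit 'transport input'"))
        elif "telnet" in transport or "all" in transport:
            findings.append((current, "transport input " + " ".join(transport)))

    for raw in config_text.splitlines():
        if raw[:1] not in (" ", "\t"):   # an unindented line ends any open block
            close_block()
            current, transport = None, None
            m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
            if m:
                current = m.group(1)
        elif current is not None:
            m = re.match(r"\s+transport input (.+)$", raw)
            if m:
                transport = m.group(1).split()
    close_block()
    return findings
```

An empty result means every VTY block in the file is explicitly limited to something other than Telnet, for example `transport input ssh`.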

Written by giorgos
