A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote malicious user to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an malicious user to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios |
||
cisco ios_xe |
Website settings altered to point visitors to malicious clones
Internet domain registrars and at least one registry were hijacked to change certain websites' DNS settings so that visitors to said sites were in fact directed to password-stealing phishing pages, researchers detailed on Wednesday. It is believed this is the first time state-backed miscreants have compromised web domain organizations, including those handling country-code level top-level domains, in order to phish specific targets. Essentially, once inside a registry or registrar, the hackers w...
Telnet security flaw fix finally lands – or just use SSH, yeah?
Cisco has patched a critical security flaw in its switches that can be potentially exploited by miscreants to hijack networks – a flaw disclosed in the Vault 7 leak of CIA files. Switchzilla says the vulnerability, CVE-2017-3881, can be exploited remotely by simply establishing a Telnet connection and sending a cluster management protocol (CMP) command to the target equipment. There is a proof-of-concept exploit here. "An attacker could exploit this vulnerability by sending malformed CMP-speci...