Alerts Industry News

Remote Code Execution Vulnerability Affecting 318 Cisco Switches

Following the WikiLeaks massive Vault 7 data leak, a new critical remote code vulnerability affecting 318 Cisco Systems switches has been revealed. While the data leak allegedly comes from the CIA, the vulnerability is very real, and Cisco has already issued an advisory for it.

The vulnerability involves the Cisco Cluster Management Protocol (CMP) that uses the Telnet protocol to accept and process malformed CMP-specific Telnet options. Consequently, an attacker could remotely dial into those switches and either cause a reload of the device or execute code running with elevated privileges.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections,” reads the Cisco Advisory. “An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.”

Although the vulnerability is reportedly only active when the device is configured to accept any incoming Telnet connections – instead of only from internal cluster members – Cisco does mention that changing or disabling this setting could reduce the risk of compromise. However, the CVE-2017-3881 advisory reads that there are currently “no workarounds available” and that any Telnet session triggered over IPv4 or IPv6 can be exploited.

“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” according to the same advisory.

While no patch is yet available for the vulnerability, the full list of 318 potentially affected devices can be found here.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

1 Comment

Click here to post a comment
  • Well the good news is that the exploit requires telnet to be enabled, since I'd imagine most admins would have telnet disabled in the first place. Still a doozy, regardless.