CVE-2017-3881
Ouch:
The security notice also has a few interesting hints about IOS configurations that don't actually disable telnet...
Ouch:
Cisco wrote:
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. [..]
An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. [..]
This vulnerability was found during the analysis of documents related to the Vault 7 disclosure.
An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. [..]
This vulnerability was found during the analysis of documents related to the Vault 7 disclosure.
The security notice also has a few interesting hints about IOS configurations that don't actually disable telnet...