the stream

Cisco IOS / IOS XE Cluster Management Protocol Remote Code Execution

Alexander Bochmann Saturday 18 of March, 2017


Cisco wrote:
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. [..]

An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. [..]

This vulnerability was found during the analysis of documents related to the Vault 7 disclosure.

The security notice also has a few interesting hints about IOS configurations that don't actually disable telnet...