Cisco patched a vulnerability in more than 300 of its switch models this week.
The networking giant is urging users to apply the patches as soon as possible because an exploit for the flaw is publicly available.
“A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges,” Cisco researchers said.
“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections.”
The vulnerability exists partly because the use of CMP-specific Telnet options is not restricted to internal, local communications between cluster members, and partly because malformed CMP-specific Telnet options are incorrectly processed. Both issues are reportedly addressed by the patches.
Those who, for whatever reason, cannot apply the offered patches can instead disable the Telnet protocol for incoming connections.
Cisco has been recommending a switch to SSH for some time and has published instructions on how to make it. This move, however, removes the attack vector without fixing the vulnerability itself: the flawed CMP processing code remains on the device.
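Whether the Telnet workaround is actually in place comes down to the `transport input` setting on every `line vty` block of the running configuration. The following audit script is an added example written for this article; it is not Cisco's code or part of the advisory. It assumes the standard IOS `line vty ... / transport input ...` syntax, and the two configurations it checks are constructed samples: a weak one that still admits Telnet, and a hardened one that allows only SSH. A VTY block with no explicit `transport input` is reported as "default" rather than as safe, because the IOS default is platform- and release-dependent and on many releases still admits Telnet.

```python
"""Audit a Cisco IOS running-config for VTY lines that still accept Telnet.

Added example (not from the article or from Cisco). Assumes the standard
IOS 'line vty N M' / ' transport input <protocols>' syntax. Sample configs
below are constructed for illustration.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: weak configuration. vty 0-4 explicitly allows Telnet;
# vty 5-15 has no 'transport input' at all and so relies on the IOS default.
WEAK_CONFIG = """\
hostname sw-weak
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
!
end
"""

# Constructed sample: hardened configuration. Only SSH is accepted on the
# first block; the remaining VTY lines accept no incoming transport.
HARDENED_CONFIG = """\
hostname sw-hardened
!
ip ssh version 2
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input none
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")
TRANSPORT_RE = re.compile(r"^\s+transport input (.+?)\s*$")


def parse_vty_transports(config: str) -> Dict[str, Optional[List[str]]]:
    """Map each 'line vty' block to its 'transport input' protocol list.

    A block without an explicit 'transport input' maps to None. IOS then
    applies a platform-dependent default, which must be verified on the
    device rather than assumed to exclude Telnet.
    """
    result: Dict[str, Optional[List[str]]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        m = VTY_RE.match(raw)
        if m:
            current = f"vty {m.group(1)}" + (f" {m.group(2)}" if m.group(2) else "")
            result[current] = None
            continue
        if current is None:
            continue
        if not raw.startswith(" "):
            current = None  # un-indented line ('!', 'end', ...) closes the block
            continue
        t = TRANSPORT_RE.match(raw)
        if t:
            result[current] = t.group(1).split()
    return result


def telnet_exposure(config: str) -> Dict[str, str]:
    """Classify each VTY block: 'telnet' (Telnet accepted), 'closed' (Telnet
    explicitly excluded) or 'default' (no explicit setting, needs review)."""
    out: Dict[str, str] = {}
    for name, protos in parse_vty_transports(config).items():
        if protos is None:
            out[name] = "default"
        elif "telnet" in protos or "all" in protos:
            out[name] = "telnet"
        else:
            out[name] = "closed"
    return out


def telnet_disabled(config: str) -> bool:
    """True only when every VTY block explicitly excludes Telnet.

    An empty config (no VTY blocks found) or any 'default' block is treated
    as not proven safe, so the workaround is not considered in place."""
    exposure = telnet_exposure(config)
    return bool(exposure) and all(v == "closed" for v in exposure.values())


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, telnet_exposure(cfg), "telnet disabled:", telnet_disabled(cfg))
```

Run the script against the output of `show running-config` saved from each switch; any block reported as "telnet" or "default" means the CMP code is still reachable over Telnet and the device needs either the patch or an explicit `transport input ssh` (or `none`) on that line.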
The lengthy list of vulnerable devices can be found in Cisco's advisory.
The vulnerability became public in March, when details of it appeared in WikiLeaks' Vault 7 data dump, believed to have been stolen from the CIA.
Cisco said it is not “aware of any malicious use of the vulnerability.”
The criticality of the vulnerability is reflected in its CVSS base score of 9.8 out of 10.