P
Patrick Kennedy
Guest
Cisco recently released details of CVE-2017-3881 which is extremely serious. The issue is found in Cisco switches using Cisco IOS and Cisco IOS XE software. The exploit targets the Cisco Cluster Management Protocol and (CMP) of switches with Telnet active. It can allow the remote reboot, reload and remote execution of commands allowing for a malformed request to take over a switch. Cisco is accustomed to finding and patching security issues, but this one was disclosed withotu an immediate patch so we suspect it will take engineering to fix. If you run Cisco switches, you need to be aware of this vulnerability.
About Cisco 0-Day CVE-2017-3881
Cisco Logo
Here is an excerpt on the vulnerability:
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:
The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
The incorrect processing of malformed CMP-specific Telnet options.
An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
(Source: Cisco)
Cisco CVE-2017-3881 Impacted Models
Here is the impacted product list. Warning, it covers hundreds of Cisco switch models.
Cisco Catalyst 2350-48TD-S Switch
Cisco Catalyst 2350-48TD-SD Switch
Cisco Catalyst 2360-48TD-S Switch
Cisco Catalyst 2918-24TC-C Switch
Cisco Catalyst 2918-24TT-C Switch
Cisco Catalyst 2918-48TC-C Switch
Cisco Catalyst 2918-48TT-C Switch
Cisco Catalyst 2928-24TC-C Switch
Cisco Catalyst 2960-24-S Switch
Cisco Catalyst 2960-24LC-S Switch
Cisco Catalyst 2960-24LT-L Switch
Cisco Catalyst 2960-24PC-L Switch
Cisco Catalyst 2960-24PC-S Switch
Cisco Catalyst 2960-24TC-L Switch
Cisco Catalyst 2960-24TC-S Switch
Cisco Catalyst 2960-24TT-L Switch
Cisco Catalyst 2960-48PST-L Switch
Cisco Catalyst 2960-48PST-S Switch
Cisco Catalyst 2960-48TC-L Switch
Cisco Catalyst 2960-48TC-S Switch
Cisco Catalyst 2960-48TT-L Switch
Cisco Catalyst 2960-48TT-S Switch
Cisco Catalyst 2960-8TC-L Compact Switch
Cisco Catalyst 2960-8TC-S Compact Switch
Cisco Catalyst 2960-Plus 24LC-L Switch
Cisco Catalyst 2960-Plus 24LC-S Switch
Cisco Catalyst 2960-Plus 24PC-L Switch
Cisco Catalyst 2960-Plus 24PC-S Switch
Cisco Catalyst 2960-Plus 24TC-L Switch
Cisco Catalyst 2960-Plus 24TC-S Switch
Cisco Catalyst 2960-Plus 48PST-L Switch
Cisco Catalyst 2960-Plus 48PST-S Switch
Cisco Catalyst 2960-Plus 48TC-L Switch
Cisco Catalyst 2960-Plus 48TC-S Switch
Cisco Catalyst 2960C-12PC-L Switch
Cisco Catalyst 2960C-8PC-L Switch
Cisco Catalyst 2960C-8TC-L Switch
Cisco Catalyst 2960C-8TC-S Switch
Cisco Catalyst 2960CG-8TC-L Compact Switch
Cisco Catalyst 2960CPD-8PT-L Switch
Cisco Catalyst 2960CPD-8TT-L Switch
Cisco Catalyst 2960CX-8PC-L Switch
Cisco Catalyst 2960CX-8TC-L Switch
Cisco Catalyst 2960G-24TC-L Switch
Cisco Catalyst 2960G-48TC-L Switch
Cisco Catalyst 2960G-8TC-L Compact Switch
Cisco Catalyst 2960L-16PS-LL Switch
Cisco Catalyst 2960L-16TS-LL Switch
Cisco Catalyst 2960L-24PS-LL Switch
Cisco Catalyst 2960L-24TS-LL Switch
Cisco Catalyst 2960L-48PS-LL Switch
Cisco Catalyst 2960L-48TS-LL Switch
Cisco Catalyst 2960L-8PS-LL Switch
Cisco Catalyst 2960L-8TS-LL Switch
Cisco Catalyst 2960PD-8TT-L Compact Switch
Cisco Catalyst 2960S-24PD-L Switch
Cisco Catalyst 2960S-24PS-L Switch
Cisco Catalyst 2960S-24TD-L Switch
Cisco Catalyst 2960S-24TS-L Switch
Cisco Catalyst 2960S-24TS-S Switch
Cisco Catalyst 2960S-48FPD-L Switch
Cisco Catalyst 2960S-48FPS-L Switch
Cisco Catalyst [...]
The post Cisco 0-day Unpatched Switch Telnet Vulnerability CVE-2017-3881 appeared first on ServeTheHome.
Related posts:
Continue reading...
About Cisco 0-Day CVE-2017-3881
Cisco Logo
Here is an excerpt on the vulnerability:
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:
The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and
The incorrect processing of malformed CMP-specific Telnet options.
An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
(Source: Cisco)
Cisco CVE-2017-3881 Impacted Models
Here is the impacted product list. Warning, it covers hundreds of Cisco switch models.
Cisco Catalyst 2350-48TD-S Switch
Cisco Catalyst 2350-48TD-SD Switch
Cisco Catalyst 2360-48TD-S Switch
Cisco Catalyst 2918-24TC-C Switch
Cisco Catalyst 2918-24TT-C Switch
Cisco Catalyst 2918-48TC-C Switch
Cisco Catalyst 2918-48TT-C Switch
Cisco Catalyst 2928-24TC-C Switch
Cisco Catalyst 2960-24-S Switch
Cisco Catalyst 2960-24LC-S Switch
Cisco Catalyst 2960-24LT-L Switch
Cisco Catalyst 2960-24PC-L Switch
Cisco Catalyst 2960-24PC-S Switch
Cisco Catalyst 2960-24TC-L Switch
Cisco Catalyst 2960-24TC-S Switch
Cisco Catalyst 2960-24TT-L Switch
Cisco Catalyst 2960-48PST-L Switch
Cisco Catalyst 2960-48PST-S Switch
Cisco Catalyst 2960-48TC-L Switch
Cisco Catalyst 2960-48TC-S Switch
Cisco Catalyst 2960-48TT-L Switch
Cisco Catalyst 2960-48TT-S Switch
Cisco Catalyst 2960-8TC-L Compact Switch
Cisco Catalyst 2960-8TC-S Compact Switch
Cisco Catalyst 2960-Plus 24LC-L Switch
Cisco Catalyst 2960-Plus 24LC-S Switch
Cisco Catalyst 2960-Plus 24PC-L Switch
Cisco Catalyst 2960-Plus 24PC-S Switch
Cisco Catalyst 2960-Plus 24TC-L Switch
Cisco Catalyst 2960-Plus 24TC-S Switch
Cisco Catalyst 2960-Plus 48PST-L Switch
Cisco Catalyst 2960-Plus 48PST-S Switch
Cisco Catalyst 2960-Plus 48TC-L Switch
Cisco Catalyst 2960-Plus 48TC-S Switch
Cisco Catalyst 2960C-12PC-L Switch
Cisco Catalyst 2960C-8PC-L Switch
Cisco Catalyst 2960C-8TC-L Switch
Cisco Catalyst 2960C-8TC-S Switch
Cisco Catalyst 2960CG-8TC-L Compact Switch
Cisco Catalyst 2960CPD-8PT-L Switch
Cisco Catalyst 2960CPD-8TT-L Switch
Cisco Catalyst 2960CX-8PC-L Switch
Cisco Catalyst 2960CX-8TC-L Switch
Cisco Catalyst 2960G-24TC-L Switch
Cisco Catalyst 2960G-48TC-L Switch
Cisco Catalyst 2960G-8TC-L Compact Switch
Cisco Catalyst 2960L-16PS-LL Switch
Cisco Catalyst 2960L-16TS-LL Switch
Cisco Catalyst 2960L-24PS-LL Switch
Cisco Catalyst 2960L-24TS-LL Switch
Cisco Catalyst 2960L-48PS-LL Switch
Cisco Catalyst 2960L-48TS-LL Switch
Cisco Catalyst 2960L-8PS-LL Switch
Cisco Catalyst 2960L-8TS-LL Switch
Cisco Catalyst 2960PD-8TT-L Compact Switch
Cisco Catalyst 2960S-24PD-L Switch
Cisco Catalyst 2960S-24PS-L Switch
Cisco Catalyst 2960S-24TD-L Switch
Cisco Catalyst 2960S-24TS-L Switch
Cisco Catalyst 2960S-24TS-S Switch
Cisco Catalyst 2960S-48FPD-L Switch
Cisco Catalyst 2960S-48FPS-L Switch
Cisco Catalyst [...]
The post Cisco 0-day Unpatched Switch Telnet Vulnerability CVE-2017-3881 appeared first on ServeTheHome.
Related posts:
- WD My Net Switch – 8 Port Gigabit Ethernet Unmanaged Network Switch Review
- A New PCIe Switch Option: The Microsemi Switchtec PCIe Gen3 Switch
- QCT QuantaMesh T1048-LY4A review – our datacenter lab switch
- Tripp Lite NSU-G24C2P08 Review – PDU and PoE switch 1U combo
Continue reading...