Cisco: disable Telnet in 300-plus Cisco switch models until we patch

Cisco has reported a serious flaw in its IOS and IOS XE software that could give attackers complete control over more than 300 vulnerable enterprise and industrial switch models.

Cisco is recommending that users of affected switches disable Telnet and use SSH instead, to block incoming connections that attempt to exploit a critical flaw in a protocol used for communication between clustered switches running its IOS (Internetwork Operating System) and IOS XE software.

The flaw, which resides in the Cisco Cluster Management Protocol (CMP), affects 264 Cisco Catalyst switch models and components, and dozens of Cisco IE industrial switches. Cisco has given the bug a Common Vulnerability Scoring System (CVSS) base score of 9.8 out of a possible 10.

An advisory on Friday states that the CMP bug could allow a “remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.”

Cisco says the protocol currently processes CMP-specific Telnet options on any Telnet connection rather than, as it should, restricting them to internal, local communication between cluster members. It also fails to reject malformed CMP-specific Telnet options, so an attacker who can open a Telnet session to the switch can reach the vulnerable parsing code.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” it said in an advisory.

Cisco intends to release a patch for this flaw, but since there are no workarounds it is advising customers to disable incoming Telnet connections and switch to SSH. If this is not an option, admins can reduce their attack surface by applying infrastructure access control lists (iACLs) that permit management traffic only from trusted sources, according to Cisco.

Cisco has provided instructions for checking whether a device is configured to accept incoming Telnet connections. It has also provided a full list of affected products and instructions for determining which IOS or IOS XE release a device is running.
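The two mitigations above (shut off Telnet on the vty lines, and restrict who can reach them with an access list) can both be verified from a saved copy of a switch's running configuration. The following Python script is an added example written for this article, not Cisco's own tooling and not taken from the advisory: it parses the `line vty` blocks out of a config, flags any range whose `transport input` still accepts Telnet or that has no `access-class`, and shows a constructed vulnerable config beside a constructed hardened one. The hostnames, ACL name and management subnet are made up for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a switch still accepting Telnet on all vty lines,
# with no access-class, so the CMP Telnet handler is reachable by anyone.
VULNERABLE_CONFIG = """\
hostname core-sw1
!
line vty 0 4
 transport input all
 login local
line vty 5 15
 transport input telnet ssh
 login local
!
end
"""

# Constructed sample after mitigation: SSH only, and the vty lines are
# restricted to a management subnet (assumed 10.0.100.0/24) with an iACL.
HARDENED_CONFIG = """\
hostname core-sw1
!
ip ssh version 2
!
ip access-list extended MGMT-ONLY
 permit tcp 10.0.100.0 0.0.0.255 any eq 22
 deny ip any any log
!
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
 login local
line vty 5 15
 access-class MGMT-ONLY in
 transport input ssh
 login local
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")


def parse_vty_lines(config: str) -> List[Dict[str, Optional[object]]]:
    """Return one record per 'line vty' block: the range header, the
    'transport input' tokens (None if absent) and the inbound access-class."""
    blocks: List[Dict[str, Optional[object]]] = []
    current: Optional[Dict[str, Optional[object]]] = None
    for raw in config.splitlines():
        if not raw.startswith(" ") and current is not None:
            # An unindented line ends the body of the current line block.
            blocks.append(current)
            current = None
        if VTY_RE.match(raw):
            current = {"range": raw.strip(), "transport": None, "access_class": None}
            continue
        if current is not None and raw.startswith(" "):
            tokens = raw.split()
            if tokens[:2] == ["transport", "input"]:
                current["transport"] = tokens[2:]
            elif tokens[:1] == ["access-class"] and len(tokens) >= 2:
                current["access_class"] = tokens[1]
    if current is not None:
        blocks.append(current)
    return blocks


def accepts_telnet(block: Dict[str, Optional[object]]) -> bool:
    """True when this vty range will accept an inbound Telnet session."""
    transport = block["transport"]
    if transport is None:
        # No explicit 'transport input': the platform default applies, which on
        # many IOS releases includes Telnet. Treat as exposed until verified
        # on the device itself.
        return True
    return "all" in transport or "telnet" in transport


def audit(config: str) -> List[str]:
    """Findings for each vty range that is still reachable over Telnet or
    that is not protected by an access-class."""
    findings = []
    for block in parse_vty_lines(config):
        if accepts_telnet(block):
            shown = " ".join(block["transport"] or ["<default>"])
            findings.append(f"{block['range']}: accepts Telnet (transport input {shown})")
        if block["access_class"] is None:
            findings.append(f"{block['range']}: no access-class, any source can reach the vty")
    return findings


if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for line in audit(cfg) or ["no findings"]:
            print("  " + line)
```

To use it against a real switch, capture the output of `show running-config` and pass that text to `audit()`. A config with no `transport input` on a vty range is reported as exposed on purpose: the script cannot know the platform default, and the advisory's guidance is to confirm on the device rather than assume Telnet is off.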
