Cisco has reported a serious flaw in its IOS software that could give hackers complete control over 300 vulnerable enterprise and industrial switches.
Cisco is recommending users of affected switches to disable Telnet and instead use SSH to prevent incoming connections that attempt to exploit a critical flaw in a protocol for communicating between clusters of switches running its IOS (Internetwork Operating System) and IOS XE software.
The flaw, which resides in the Cisco Cluster Management Protocol (CMP), affects 264 Cisco Catalyst switch models and components, and dozens of Cisco IE switches. Cisco has given the bug a Common Vulnerability Scoring System rating of 9.8 out of a possible 10.
An advisory on Friday states that the CMP bug could allow a “remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.”
Cisco says the communications protocol currently allows CMP-specific Telnet options over any Telnet connection rather than, as it should, restricting it to internal, local communications between cluster members. It also does not prevent malformed CMP-specific Telnet options from being processed.
“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” it said in an advisory.
Cisco intends to release a patch for this flaw but since there are no workarounds it’s advising customers to disable incoming Telnet connections and switch to SSH. if this is not an option, admins can reduce their attack surface by implementing infrastructure control lists to whitelist traffic, according to Cisco.
Cisco has provided instructions for checking if a device is set to accept incoming Telnet connections. It’s also provided a full list of affected products and instructions for checking the version of IOS and IOS XE customers are using.