Executive Summary
Summary | |
---|---|
Title | Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170317-cmp | First vendor Publication | 2017-03-17 |
Vendor | Cisco | Last vendor Modification | 2017-03-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and The incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJYzAjfZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHm3jRAAzLR1b6oQbXCkv0yQ GpiGyo0l97V74L+99IvzJzibQrNr/7oFNVc0Sm0SWtGJwhBdIFWKKp7tpfxLFUYw QpgpmOQHfu70kajINv5hshpKReIT2lnUhmAiK0VQzxp8QY/3WboSTjEYLOTmFHHh xb3dNWmvGYiT9tuSvQ70AkMnl2EfU+P+pkucjcku4Vi5Jri7BIIIPjz1by16Juh +tIB5elmrFOFF/WGRERLo/a3anNlnoszoJxu+m57uS8CYICTnqJKeDEinpm64j0IB 7dWi1qqDTx9973zsmcqUZqeY9kSwierDJW5cii49GrOFOHUeJ9eWCOogEnE1+U4G iz7cJHsQ4qqBF39PBTMlxtY6xjhgGJDkRf3dzJBONH9EfoTpQOFMlO9220/2wlMe SquIU+SY31pW/xHcRfD8NoALZQ5EqrOkbbRXPGe/LwSUcXiFSBL0iMaE/jOPIRRs q6c7lbQr2kay0hTUMovhCvkVUlIC4eJAjwES3vau0EynKlumoYUb2Z7kSAq9QRqU vjHX1Iq+wrh+pM/+GFpx12yJzaDtIrBQSNtB/Jf8p0kNqlja/4Z90DDtwTCTaalR 7hGFyGWo3X3dPBxEL4OcASAaf2uC/J0ozprd0xCS8rsiMfn3rBYWtE6taK88njda 6UdaqFK+zmUBK8rQV0Lu6mOFpOo= =Ql/1 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-03-10 | Cisco Software Cluster Management Protocol remote code execution attempt RuleID : 41910 - Revision : 4 - Type : SERVER-OTHER |
2017-03-10 | Cisco Software Cluster Management Protocol remote code execution attempt RuleID : 41909 - Revision : 4 - Type : SERVER-OTHER |
Metasploit Database
id | Description |
---|---|
2017-03-17 | Cisco IOS Telnet Denial of Service |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-10-11 | Name : The remote device is affected by a remote code execution vulnerability. File : cisco-sa-20170317-cmp-dos.nasl - Type : ACT_KILL_HOST |
2017-03-27 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170317-cmp-ios.nasl - Type : ACT_GATHER_INFO |
2017-03-27 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170317-cmp-iosxe.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:16:43 |
|
2017-10-12 13:34:41 |
|
2017-03-30 21:24:44 |
|
2017-03-28 13:25:26 |
|
2017-03-18 05:24:18 |
|
2017-03-17 17:23:04 |
|