Cisco IOS Cluster Management Protocol Telnet Option Handling RCE (cisco-sa-20170317-cmp) (destructive check)
Severity: Critical. Nessus Plugin ID: 103783
Synopsis: The remote device is affected by a remote code execution vulnerability.
Description: The remote device is affected by a remote code execution vulnerability in the Cluster Management Protocol (CMP) subsystem due to improper handling of CMP-specific Telnet options. An unauthenticated, remote attacker can exploit this by establishing a Telnet session with malformed CMP-specific Telnet options to execute arbitrary code.
Solution: Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvd48893. Alternatively, as a workaround, disable the Telnet protocol for incoming connections.
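To confirm the workaround is in place, the following added example (not part of the plugin or of Cisco's advisory) audits a saved IOS running-config and reports, per `line vty` block, whether inbound Telnet is still permitted. The sample configuration, the function name `audit_vty_transport` and the verdict strings are assumptions made for illustration; a block with no `transport input` line is flagged for review because the effective setting is then the platform default, which the running-config does not show.

```python
import re

# Constructed sample running-config excerpt (illustrative, not from the page).
SAMPLE_CONFIG = """\
hostname sw1
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

VTY_HEADER = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")
TRANSPORT = re.compile(r"^\s+transport input\s+(.+)$")


def audit_vty_transport(config):
    """Map each 'line vty' block to a verdict on inbound Telnet."""
    results = {}
    current = None
    for raw in config.splitlines():
        header = VTY_HEADER.match(raw)
        if header:
            current = "vty " + " ".join(g for g in header.groups() if g)
            # No explicit setting seen yet: platform default applies.
            results[current] = "review-default"
            continue
        if not raw.startswith(" "):
            # Any other unindented line ends the current vty block.
            current = None
            continue
        setting = TRANSPORT.match(raw)
        if current and setting:
            protocols = set(setting.group(1).split())
            allowed = protocols & {"telnet", "all"}
            results[current] = "telnet-allowed" if allowed else "telnet-blocked"
    return results


if __name__ == "__main__":
    for vty, verdict in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"{vty}: {verdict}")
```

Any block reported as `telnet-allowed` or `review-default` still needs `transport input ssh` (or `none`) applied, or verification on the device, before the workaround can be considered effective.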