According to the advisory, the bug is found in the Cluster Management Protocol (CMP) code in Cisco's IOS and IOS XE software, which the company installs on the switches it sells.
The CMP protocol has been designed to pass around information about switch clusters between cluster members using Telnet or SSH.
The vulnerability is in the default configuration of affected Cisco devices, even if the user doesn't configure any cluster configuration commands. The flaw can be exploited during Telnet session negotiation over either IPv4 or IPv6.
According to the Cisco researchers, this bug occurs in Telnet connections within the CMP, due to two factors:
- The protocol doesn't restrict the use of CMP - specific Telnet options only to internal, local communications between cluster members; instead, it accepts and processes commands over any Telnet connection to an affected device.
- The incorrect processing of malformed CMP-specific Telnet options.
Click here to view a full list of affected Cisco Switches.
Disable Telnet on vulnerable switches
As of writing, a patch(es) has not been released and until patches are available, Cisco recommends its users to disable the Telnet connection to the switch devices in favor of SSH.The SSH protocol is the only protocol that should be enabled for incoming connections on all VTYs. No Telnet connections should be possible to any VTY on the device while using this configuration.
Switch#show running-config | include ^line vty|transport input
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
Switch#
image credit