Cisco IOS 12.2(55)SE11 Remote Code Execution

Nash N Sulthan
Published on
16 Jun 2021
1 min read

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow remote code execution. RCE is caused by attackers creating malicious code and injecting it into the server via input points. The server unknowingly executes the commands, and this allows an attacker to gain access to the system. After gaining access, the attacker might try to escalate privileges. This can completely compromise a vulnerable system. Remote code execution can leave the application and users at a high-risk, resulting in an impact on confidentiality, and integrity of data.

The risk is a combination of two factors:

  • Failed to limit the use of CMP-specific telnet options to internal and local communications between cluster members, instead accepting and processing such options over any telnet connection
  • Improper processing of corrupted CMP-specific telnet options.

An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow a malicious user to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.

Mitigation / Precaution

  • Timely patching or installation of software updates is an essential preventative measure
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Nash N Sulthan
Nash N Sulthan
Cyber Security Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment