Cisco IOS 12.2(55)SE11 Remote Code Execution

By Nash N Sulthan
Published on 16 Jun 2021
Vulnerability

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow remote code execution (RCE). RCE occurs when an attacker crafts malicious code and injects it into the server through an input point. The server unknowingly executes the commands, which gives the attacker access to the system. After gaining access, the attacker might try to escalate privileges, which can completely compromise a vulnerable system. Remote code execution puts the application and its users at high risk, affecting the confidentiality and integrity of data.

The risk is a combination of two factors:

  • Failure to restrict the use of CMP-specific Telnet options to internal and local communications between cluster members; instead, such options are accepted and processed over any Telnet connection.
  • Improper processing of corrupted CMP-specific Telnet options.

An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow a malicious user to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.
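
The paragraph above names one precondition: the device must be configured to accept Telnet connections. As an added example (not code from the original article or from Cisco), the following Python script audits a saved running-config for vty lines that accept Telnet and notes whether an inbound `access-class` is applied. The sample config is constructed, and treating an unset `transport input` as Telnet-capable is an assumption, since the default differs between software releases.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 access-class 10 in
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 20
 login local
!
"""

TELNET_VALUES = {"telnet", "all"}  # "transport input" values that admit Telnet


def audit_vty_telnet(config_text):
    """Return (vty range, accepts_telnet, has_inbound_acl, reason) per vty block."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        if re.match(r"^line vty \d+(?: \d+)?\s*$", raw):
            current = {"range": raw.strip()[len("line "):], "transport": None, "acl": False}
            blocks.append(current)
        elif not raw.startswith(" "):
            current = None  # any other unindented line closes the vty block
        elif current is not None:
            words = raw.split()
            if words[:2] == ["transport", "input"]:
                current["transport"] = set(words[2:])
            elif words[:1] == ["access-class"] and "in" in words[2:]:
                current["acl"] = True
    results = []
    for b in blocks:
        if b["transport"] is None:
            # Assumption: unset transport is treated as Telnet-capable (default varies by release).
            telnet, reason = True, "transport input not set (default assumed to allow Telnet)"
        else:
            telnet = bool(b["transport"] & TELNET_VALUES)
            reason = "transport input " + " ".join(sorted(b["transport"]))
        results.append((b["range"], telnet, b["acl"], reason))
    return results


if __name__ == "__main__":
    for vty, telnet, acl, reason in audit_vty_telnet(SAMPLE_CONFIG):
        print(f"{vty}: telnet={'YES' if telnet else 'no'} acl={acl} ({reason})")
```

A vty range reported with `telnet=YES` and `acl=False` accepts Telnet sessions from any source that can reach the device, which is the exposure described above.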

Mitigation / Precaution

  • Timely patching or installation of software updates is an essential preventative measure.

Written by Nash N Sulthan, Cyber Security Lead Engineer