Cisco IOS 12.2(55)SE11 Remote Code Execution

Nash N Sulthan

Published on

16 Jun 2021

1 min read

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow remote code execution. RCE is caused by attackers creating malicious code and injecting it into the server via input points. The server unknowingly executes the commands, and this allows an attacker to gain access to the system. After gaining access, the attacker might try to escalate privileges. This can completely compromise a vulnerable system. Remote code execution can leave the application and users at a high-risk, resulting in an impact on confidentiality, and integrity of data.

The risk is a combination of two factors:

Failed to limit the use of CMP-specific telnet options to internal and local communications between cluster members, instead accepting and processing such options over any telnet connection
Improper processing of corrupted CMP-specific telnet options.

An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow a malicious user to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.

Mitigation / Precaution

Timely patching or installation of software updates is an essential preventative measure

Automated human-like penetration testing for your web apps & APIs

Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Product tour

Written by