CVE-2017-3881 is the identifier of a critical vulnerability affecting more than 300 Cisco switches and one gateway. The exploitation of the flaw could lead to attackers obtaining control over the corresponding devices.
Cisco came across CVE-2017-3881 while going through WikiLeaks' Vault 7 data dump. The flaw is present in the Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software.
CVE-2017-3881 Official MITRE Description
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.[…]
As mentioned in the beginning, an exploit could enable an attacker to execute arbitrary code and take full control over the affected device. Another possible outcome is a reload of the affected device. The flaw affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module.
What Did Cisco Say about CVE-2017-3881?
The company explained that “an attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections.” In addition, an exploit could enable an attacker to execute arbitrary code and obtain full control of the devices, or cause a reload.
According to Cisco, there is no known malicious activity exploiting the flaw. The company will provide free software updates to address the bug, but apparently the release date of the fix is not yet known.
Owners of affected devices can disable the Telnet protocol and switch to SSH. Where that is not possible, implementing infrastructure access control lists can reduce the risk of an attack.
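As an added example (not from the article or from Cisco), a small Python audit that applies the mitigation logic above to a saved IOS running-config: it lists the VTY line ranges that still accept Telnet, which is the path the malformed CMP Telnet options travel, and whether an inbound access-class limits who can reach them. The config excerpt and the MGMT-HOSTS ACL name are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed running-config excerpt (not from the advisory): the first VTY
# range still accepts Telnet, the second is SSH-only behind an access-class.
SAMPLE_CONFIG = """\
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class MGMT-HOSTS in
 transport input ssh
!
end
"""

@dataclass
class VtyBlock:
    line_range: str                 # e.g. "0-4"
    transports: Tuple[str, ...]     # 'transport input' keywords, () if absent
    access_class: Optional[str]     # inbound access-class name, if any

def telnet_allowed(block: VtyBlock) -> bool:
    # Absent 'transport input' counts as exposed: the default may permit Telnet.
    return not block.transports or bool({"telnet", "all"} & set(block.transports))

def parse_vty_blocks(config: str) -> List[VtyBlock]:
    """Collect every 'line vty X Y' stanza and the sub-commands that matter."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # any top-level command ends a stanza
            m = re.match(r"^line vty (\d+) (\d+)$", raw)
            current = VtyBlock(f"{m.group(1)}-{m.group(2)}", (), None) if m else None
            if current:
                blocks.append(current)
            continue
        words = raw.split()
        if current is None or not words:
            continue
        if words[:2] == ["transport", "input"]:
            current.transports = tuple(words[2:])
        elif words[0] == "access-class" and words[-1] == "in":
            current.access_class = words[1]
    return blocks

def telnet_exposed(config: str) -> Dict[str, Optional[str]]:
    """Map each VTY range that still accepts Telnet (the CMP attack surface)
    to its inbound access-class, or None when no ACL limits who reaches it."""
    return {b.line_range: b.access_class
            for b in parse_vty_blocks(config) if telnet_allowed(b)}
```

Run against the sample, `telnet_exposed` reports only `vty 0 4`, with no access-class protecting it; the remediation is `transport input ssh` on that range, or an `access-class ... in` where Telnet cannot yet be removed.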
For more information, refer to the official advisory released by Cisco.