
CVE-2017-3881 Affects More than 300 Cisco Switches

CVE-2017-3881 is the identifier of a critical vulnerability affecting more than 300 Cisco switches and one gateway. Successful exploitation of the flaw could give an attacker control over the affected devices.

Cisco discovered CVE-2017-3881 while reviewing WikiLeaks’ Vault 7 data dump. The flaw is present in the Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software.


CVE-2017-3881 Official MITRE Description

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.[…]

As noted above, an exploit could enable an attacker to execute arbitrary code and take full control of the affected device; another outcome is a reload of the affected device. The flaw affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module.

What Did Cisco Say about CVE-2017-3881?

The company explained that “an attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections.” In addition, an exploit could enable an attacker to execute arbitrary code and obtain full control of the device, or cause a reload.

CVE-2017-3881: Mitigation

According to Cisco, there is no known malicious activity based on the flaw. The company will provide free software updates to address the bug, but a release date for the fix has not yet been announced.


Owners of affected devices can disable the Telnet protocol and use SSH instead. Where this is not possible, implementing infrastructure access control lists to restrict who can reach the Telnet service reduces the risk of an attack.
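To show what the two mitigations look like in practice, here is an added example (not code from the article or from Cisco): a small Python audit that reads Cisco IOS running-config text and reports any vty line range that still accepts Telnet, noting whether an access-class (infrastructure ACL) is applied as a fallback. Both config samples are constructed for this example, and the ACL name MGMT-HOSTS and the management subnet are assumptions, not values from the advisory.

```python
"""Audit Cisco IOS/IOS XE running-config text for the CVE-2017-3881 mitigations
described in the article: Telnet disabled on vty lines in favour of SSH, or,
failing that, an access-class (infrastructure ACL) restricting who can reach
the vty lines. Added example; both config samples below are constructed."""
import re
from typing import Dict, List, Optional

# Constructed sample: the weak state, Telnet accepted on the vty lines, no ACL.
WEAK_CONFIG = """\
hostname sw-access-01
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input all
!
end
"""

# Constructed sample: the hardened state. SSH only, plus an infrastructure ACL
# applied with access-class as a second layer (ACL name and subnet are assumed).
HARDENED_CONFIG = """\
hostname sw-access-01
!
ip access-list standard MGMT-HOSTS
 permit 10.0.100.0 0.0.0.255
 deny   any log
!
line vty 0 4
 access-class MGMT-HOSTS in
 login local
 transport input ssh
line vty 5 15
 access-class MGMT-HOSTS in
 login local
 transport input ssh
!
end
"""


def parse_vty_blocks(config: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Return {"vty 0 4": {"transport": "telnet ssh", "access_class": None}, ...}.
    IOS prints line-mode commands indented by one space under 'line vty X Y'."""
    blocks: Dict[str, Dict[str, Optional[str]]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # Top-level command: open a new block only for 'line vty' stanzas.
            m = re.match(r"line (vty \d+(?: \d+)?)$", raw.strip())
            current = m.group(1) if m else None
            if current:
                blocks[current] = {"transport": None, "access_class": None}
            continue
        if current is None:
            continue  # indented command under a non-vty stanza (e.g. the ACL)
        cmd = raw.strip()
        if cmd.startswith("transport input "):
            blocks[current]["transport"] = cmd[len("transport input "):]
        elif cmd.startswith("access-class "):
            blocks[current]["access_class"] = cmd.split()[1]
    return blocks


def telnet_exposure(config: str) -> List[str]:
    """List findings for vty ranges that still accept Telnet.
    'transport input all' or any list containing 'telnet' accepts Telnet. A
    missing 'transport input' is flagged for review rather than treated as safe,
    because the default differs between IOS releases (assumption)."""
    findings = []
    for name, attrs in parse_vty_blocks(config).items():
        transport = attrs["transport"]
        if transport is None:
            findings.append(f"{name}: no 'transport input' set, verify platform default")
            continue
        protocols = transport.split()
        if "all" in protocols or "telnet" in protocols:
            acl = attrs["access_class"]
            note = f"restricted by access-class {acl}" if acl else "no access-class applied"
            findings.append(f"{name}: Telnet accepted ({transport}), {note}")
    return findings


def is_mitigated(config: str) -> bool:
    """True when no vty range accepts Telnet (the article's preferred fix)."""
    return not telnet_exposure(config)


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}] mitigated={is_mitigated(cfg)}")
        for finding in telnet_exposure(cfg):
            print("  ", finding)
```

Run it against the output of `show running-config` saved to a file to get a per-device verdict; the weak sample produces two findings (both vty ranges accept Telnet with no ACL), while the hardened sample produces none. The access-class check matters for devices where Telnet cannot be turned off yet, since the article's fallback mitigation is exactly that ACL.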

For more information, refer to the official advisory released by Cisco.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
