CVE-2017-3881 Affects More than 300 Cisco Switches - How to, Technology and PC Security Forum

CVE-2017-3881 Affects More than 300 Cisco Switches

CVE-2017-3881 is the identifier of a critical vulnerability affecting more than 300 Cisco switches and one gateway. The exploitation of the flaw could lead to attackers obtaining control over the corresponding devices.

Cisco came across CVE-2017-3881 while going through WikiLeaks’ Vault 7 data dump. The flaw is present in the Cluster Management Protocol processing code in Cisco IOS and Cisco IOS XE Software.


CVE-2017-3881 Official MITRE Description

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.[…]

As mentioned in the beginning, an exploit could enable an attacker to execute arbitrary code and take full control over the affected device. Another outcome is causing a reload of the affected device. The flaw affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module.

What Did Cisco Say about CVE-2017-3881?

The company explained that “an attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections.” In addition, an exploit could enable an attacker to execute arbitrary code and gain full control of the device, or cause it to reload.

CVE-2017-3881: Mitigation

According to Cisco, there is no known active exploitation of the flaw. The company will provide free software updates to address the bug, but the release date of the fix has not been announced yet.


Owners of affected devices can disable the Telnet protocol and switch to SSH. Where that is not possible, implementing infrastructure access control lists can reduce the risk of an attack.
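As an added example (not from the article or from Cisco), a small Python audit of the vty line configuration the mitigation above refers to: it parses a saved IOS running-config and flags vty ranges that still accept Telnet, so an operator can confirm the Telnet-to-SSH switch actually took effect. The sample configs are constructed, and the parser is a simplification of IOS line syntax.

```python
"""Audit a Cisco IOS running-config for vty lines that would still accept Telnet."""
import re

# Constructed sample configs for the demo; not taken from the article or from Cisco.
WEAK_CONFIG = """\
hostname sw-core-1
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
"""
HARDENED_CONFIG = """\
hostname sw-core-1
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input none
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")

def parse_vty_blocks(config):
    """Map each 'line vty first last' range to its 'transport input' protocols (None if absent)."""
    blocks, key = {}, None
    for raw in config.splitlines():
        m = VTY_RE.match(raw)
        if m:
            key = (int(m.group(1)), int(m.group(2) or m.group(1)))
            blocks[key] = None
        elif key is not None and raw.startswith(" "):
            parts = raw.split()
            if parts[:2] == ["transport", "input"]:
                blocks[key] = parts[2:]
        else:
            key = None  # an unindented line ends the current 'line vty' block
    return blocks

def audit_telnet(config):
    """Return one finding per vty range that accepts, or may accept, Telnet sessions."""
    findings = []
    for (first, last), protocols in sorted(parse_vty_blocks(config).items()):
        if protocols is None:
            findings.append(f"vty {first} {last}: no explicit 'transport input'; platform default applies, set it to ssh")
        elif "telnet" in protocols or "all" in protocols:
            findings.append(f"vty {first} {last}: accepts Telnet ('transport input {' '.join(protocols)}')")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_telnet(cfg) or ["no Telnet-capable vty lines"])
```

Feed it the output of `show running-config`; an empty result for every device is the state the mitigation aims for.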

For more information, refer to the official advisory released by Cisco.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
