topic Re: Cisco IOS and IOS XE Software Cluster Management Protocol Remote C in Network Security https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035746#M1109713 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1500030">@dissai</a></P> <P><EM><U>Disabling the Telnet protocol as an allowed protocol for incoming connections would eliminate the exploit vector</U></EM>. Disabling Telnet and using SSH is recommended by Cisco. Information on how to do both can be found on the <A href="http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html" target="_blank" rel="noopener">Cisco Guide to Harden Cisco IOS Devices</A>.</P> <P>refer to this advisory - <A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp" target="_blank">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 07 Mar 2024 10:16:10 GMT Rob Ingram 2024-03-07T10:16:10Z Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035731#M1109712 <P>Dear&nbsp; Friends,</P><P>I'm looking for solution to resolve below vulnerability for Cisco router ISR4331</P><P>Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability (cisco-sa-20170317-cmp)</P><P>I have attached the screen shot.&nbsp;</P><P>Regards</P><P>DI</P> Thu, 07 Mar 2024 10:08:44 GMT https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035731#M1109712 dissai 2024-03-07T10:08:44Z Re: Cisco IOS and IOS XE Software Cluster Management Protocol Remote C https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035746#M1109713 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1500030">@dissai</a></P> <P><EM><U>Disabling the Telnet protocol as an allowed protocol for incoming connections would eliminate the exploit vector</U></EM>. Disabling Telnet and using SSH is recommended by Cisco. Information on how to do both can be found on the <A href="http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html" target="_blank" rel="noopener">Cisco Guide to Harden Cisco IOS Devices</A>.</P> <P>refer to this advisory - <A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp" target="_blank">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 07 Mar 2024 10:16:10 GMT https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035746#M1109713 Rob Ingram 2024-03-07T10:16:10Z Re: Cisco IOS and IOS XE Software Cluster Management Protocol Remote C https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035757#M1109714 Hello Roby,<BR /><BR />See below output. I have not allowed telnet and still I'm getting the<BR />vulnerability query.<BR /><BR />SERVICE-RT#<BR />SERVICE-RT#show run | sec line vty<BR />line vty 0 4<BR />exec-timeout 60 0<BR />privilege level 15<BR />transport input ssh<BR />transport output none<BR />line vty 5 15<BR />exec-timeout 60 0<BR />privilege level 15<BR />transport input ssh<BR />transport output none<BR />SERVICE-RT#<BR /><BR />Another router has the same issue.<BR /><BR />line vty 0 4<BR />transport input ssh<BR />transport output ssh<BR />line vty 5<BR />privilege level 15<BR />transport input ssh<BR />transport output ssh<BR />line vty 6 14<BR />transport input ssh<BR />line vty 15<BR />session-timeout 10 output<BR />transport input ssh<BR /> Thu, 07 Mar 2024 10:21:36 GMT https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035757#M1109714 dissai 2024-03-07T10:21:36Z Re: Cisco IOS and IOS XE Software Cluster Management Protocol Remote C https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035776#M1109715 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1500030">@dissai</a> From your output you've enabled only SSH on all VTY lines and from that <A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp" target="_self">link</A> I provided:-</P> <UL> <LI>The SSH protocol is the only protocol enabled for incoming connections on all VTYs. No Telnet connections are possible to any VTY on the device while using this configuration. <EM><STRONG>This configuration is not vulnerable.</STRONG></EM></LI> </UL> <BLOCKQUOTE> <PRE>Switch#show running-config | include ^line vty|transport input line vty 0 4 transport input ssh line vty 5 15 transport input ssh Switch#</PRE> </BLOCKQUOTE> <P>I suggestion would be to upgrade your software to remove the vulnerability.</P> <P>You should as a best practice have a VTY ACL restricting trusted networks to connect on SSH only.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><LI-WRAPPER></LI-WRAPPER></P> Thu, 07 Mar 2024 10:33:17 GMT https://community.cisco.com/t5/network-security/cisco-ios-and-ios-xe-software-cluster-management-protocol-remote/m-p/5035776#M1109715 Rob Ingram 2024-03-07T10:33:17Z