Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1435
Views
0
Helpful
0
Replies

Cisco cluster management protocole CMP vulnerability.

hi.sadiki
Level 1
Level 1

‎07-05-2017 06:43 AM - edited ‎03-10-2019 12:51 AM

Hello Guys,

I trying very hard to understand the the vulnerability below on Cisco CMP, but I still unclear. 

Can you help please to clarify it or explain in simple words please :-)

""

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors:

    • The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and 

The incorrect processing of malformed CMP-specific Telnet options. 

""

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents