Written by Brad Maher on April 3, 2017
Over the past few weeks Cisco Systems has released information about some issues that our customers need to be aware of. Some of these stem from the “Wiki Leaks CIA Dump”, and others are bugs customers have run into in the field. We have lots of customers running devices that have affected versions of the code outlined below. We expect that this will impact a majority of Cisco users out there.
It appears that devices running Cisco IOS can be compromised via the telnet protocol. Here is a brief summary of how Cisco documents the issue.
“A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS)® may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Data Link Switching (DLSw) and protocol translation connections may also be affected. Telnet, reverse telnet, RSH, SSH, DLSw and protocol translation sessions established prior to exploitation are not affected.
All other device services will operate normally. Services such as packet forwarding (excluding DLSw and protocol translation per above), routing protocols and all other communication to and through the device are not affected.”
Cisco has a full write-up of the details available here.
If you are still using telnet, you should switch to SSH ASAP. This makes you less vulnerable without requiring a code upgrade. Then you can download your fixed version of code and update during a regular maintenance window.
This is a newer issue that has come to Cisco’s attention. It is a bug with no workaround other than rebooting the devices before they reach 213.5 days of uptime. If you have an HA pair, you can reboot the standby devices first and then move on to the active device. If you don’t have an HA configuration, reboot the device during your next available maintenance window, if time permits.
For more details on the issue please see the Cisco advisory located here. Cisco expects to have code upgrades available in the coming weeks to remediate this issue.
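To plan the reboots described above, the following added example (not from this post or from Cisco) ranks devices by how many days remain before the 213.5-day uptime mark. The hostnames and uptime strings are constructed, and the uptime phrase formats it parses are assumptions about what your devices or monitoring system report.

```python
import re
from datetime import timedelta

# Threshold taken from the post: reboot before 213.5 days of uptime.
LIMIT = timedelta(days=213.5)
# Seconds per unit; a year is approximated as 365 days.
UNIT_SECONDS = {"year": 365 * 86400, "week": 7 * 86400, "day": 86400,
                "hour": 3600, "minute": 60, "min": 60, "second": 1, "sec": 1}
# Matches "<number> <unit>" pairs such as "30 weeks" or "12 hours".
PAIR = re.compile(r"(\d+)\s*(year|week|day|hour|minute|min|second|sec)s?\b", re.I)


def parse_uptime(text):
    """Convert an uptime phrase into a timedelta; raise ValueError if nothing parses."""
    pairs = PAIR.findall(text)
    if not pairs:
        raise ValueError(f"no uptime found in {text!r}")
    return timedelta(seconds=sum(int(n) * UNIT_SECONDS[u.lower()] for n, u in pairs))


def triage(inventory, warn_days=14):
    """Return (name, days_left, status) tuples, most urgent first.

    status is OVERDUE past the limit, REBOOT_SOON inside the warning window, else OK.
    """
    rows = []
    for name, uptime_text in inventory.items():
        left = (LIMIT - parse_uptime(uptime_text)) / timedelta(days=1)
        if left <= 0:
            status = "OVERDUE"
        elif left <= warn_days:
            status = "REBOOT_SOON"
        else:
            status = "OK"
        rows.append((name, round(left, 2), status))
    return sorted(rows, key=lambda r: r[1])


# Constructed sample inventory: hostnames and uptime strings are made up.
SAMPLE = {
    "fw-standby": "up 205 days 6 hours",
    "fw-active": "up 30 weeks, 4 days, 2 hours, 10 minutes",
    "edge-rtr": "uptime is 3 weeks, 2 days, 5 hours, 1 minute",
}

if __name__ == "__main__":
    for name, left, status in triage(SAMPLE):
        print(f"{name:12} {left:8.2f} days left  {status}")
```

A device reported as OVERDUE has already passed the threshold, and an uptime string the parser cannot read raises an error rather than being silently treated as healthy.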
Contact us for more information.