Το bug υπάρχει στο Cisco Cluster Management Protocol (CMP) και σύμφωνα με το Advisory της Cisco, δεν υπάρχει για την ώρα fix.

Η ευπάθεια μπορεί να αντιμετωπιστεί μερικώς, με απενεργοποίηση του telnet, αφού απαιτείται να είναι αυτό ενεργό για να γίνει εκμετάλλευση της.

“An attacker could exploit this vulnerability by sending malformed CMP-specific telnet options while establishing a telnet session with an affected Cisco device configured to accept telnet connections,” the advisory stated. “An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.”

Compounding the risk, vulnerable switches will process CMP-specific telnet options by default, “even if no cluster configuration commands are present on the device configuration,” the advisory warned. The vulnerability mostly affects Cisco Catalyst switches but is also found in Industrial Ethernet switches and embedded services. Cisco plans to release a fix at an unspecified data.