Sales: 833-641-1814 - Service: 585-582-1600


Title: Cisco Releases Critical Security Advisory For IOS and IOS XE 0-day Found in "Vault 7" Info Dump
Description: Cisco has released a critical security advisory in response to CVE-2017-3881, a 0-day vulnerability that was identified in the "Vault 7" information dump. CVE-2017-3881 is a remote code execution vulnerability that manifests in the Cisco Cluster Management Protocol (CMP) processing functionality of IOS and IOS XE. A remote, unauthenticated attacker who transmits malformed CMP-specific Telnet options to a vulnerable device could exploit this flaw and execute arbitrary code with elevated privileges. Note that the vulnerable device must be configured to accept Telnet connections. Cisco is currently developing software updates that will address this vulnerability.
Snort SID: 41909-41910