Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software

Threat ID:: CC-3527
Threat Severity:: Low
Published:: 3 July 2020 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

Cisco IOS XE Software when persistent Telnet is configured

Threat details

Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise.

Remediation advice

Users and administrators are encouraged to review the Cisco ecurity advisory and apply the necessary workarounds.

Remediation steps

Type	Step
Guidance	Review and apply mitigations. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx

Definitive source of threat updates

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx

CVE Vulnerabilities

Status Master

CVE-2020-10188

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Last edited: 3 July 2020 12:11 pm