
Cisco Fixes 3-Year-Old Vulnerability Affecting Security Appliances

Cisco has released software updates to address a three-year-old vulnerability in the Telnet code of Cisco AsyncOS, the operating system used in some of the company’s security appliances.


The flaw affecting the telnetd daemon (CVE-2011-4862) was disclosed by the FreeBSD Project back in December 2011. However, earlier this year, researcher Glafkos Charalambous noticed that some Cisco security appliances are still impacted by the vulnerability.

According to the advisory published by Cisco, the security hole can be exploited by a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. The company says all models of the Cisco Web Security Appliance (WSA), the Cisco Email Security Appliance (ESA), and the Cisco Content Security Management Appliance (SMA) running a vulnerable version of AsyncOS are affected.

“The vulnerability is due to insufficient boundary checks when processing telnet encryption keys.  An unauthenticated, remote attacker could exploit this vulnerability by sending malicious requests to a targeted system.  If successful, the attacker could execute arbitrary code on the system with elevated privileges,” Cisco said in its advisory.
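The class of flaw Cisco describes, a missing boundary check on a peer-supplied key, is shown below as an added C sketch; it is not telnetd's or Cisco's code. The struct, the function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEYID_MAX 64   /* assumed buffer size for this sketch */

/* Hypothetical per-session state: a fixed-size key ID and its length. */
struct key_state {
    unsigned char keyid[KEYID_MAX];
    size_t        keylen;
};

/* "Before": the peer-controlled length is trusted, so any
 * len > KEYID_MAX writes past keyid[] into adjacent memory. */
int store_keyid_unchecked(struct key_state *ks,
                          const unsigned char *data, size_t len)
{
    memcpy(ks->keyid, data, len);
    ks->keylen = len;
    return 0;
}

/* "After": validate before copying; on failure the stored
 * state is left exactly as it was. */
int store_keyid_checked(struct key_state *ks,
                        const unsigned char *data, size_t len)
{
    if (ks == NULL || (data == NULL && len != 0))
        return -1;
    if (len > sizeof(ks->keyid))      /* the boundary check */
        return -1;
    if (len != 0)
        memcpy(ks->keyid, data, len);
    ks->keylen = len;
    return 0;
}

/* Constructed input: one byte more than the buffer holds.
 * Returns 1 when the checked version refuses it. */
int rejects_oversized(void)
{
    struct key_state ks = { {0}, 0 };
    unsigned char big[KEYID_MAX + 1];
    memset(big, 0x41, sizeof big);
    return store_keyid_checked(&ks, big, sizeof big) == -1 && ks.keylen == 0;
}

int main(void)
{
    printf("oversized key rejected: %d\n", rejects_oversized());
    return 0;
}
```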

In a separate advisory published by Charalambous on Wednesday, the researcher noted that Cisco WSA virtual appliances have the vulnerable telnetd daemon enabled by default. However, Cisco pointed out that the Cisco AsyncOS software for Cisco WSA is affected only if the System Setup Wizard (SSW) has not been performed. The company says this limits the scope of the vulnerability because the appliance doesn’t fully operate if the SSW has not been completed, and the completion of the setup process disables Telnet access.

In the advisory it published in 2011, the FreeBSD Project noted that telnetd had been disabled by default in FreeBSD since August 2001. “[Due] to the lack of cryptographic security in the Telnet protocol, it is strongly recommended that the SSH protocol be used instead,” the FreeBSD Project advised at the time.

Cisco is now giving the same advice to its customers in the workarounds section of its advisory.

“For some versions of Cisco AsyncOS Software for Cisco ESA and Cisco SMA, Telnet is configured on the Management port. Telnet services can be disabled to mitigate this vulnerability. Administrators can disable Telnet by using the administration graphical user interface (GUI) or by using the interfaceconfig command in the command-line interface (CLI). As a security best practice, customers should use Secure Shell (SSH) instead of Telnet,” the company said.

Charalambous’s advisory shows that the issue was reported to Cisco in mid-May 2014, and patches were released in late August.


Cisco hasn’t said anything about the vulnerability being exploited in the wild against its customers, but it has pointed out that Metasploit exploit modules for the vulnerability are available. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
