Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Cisco Fixes 3-Year-Old Vulnerability Affecting Security Appliances

Cisco has released software updates to address a three-year-old vulnerability in the Telnet code of Cisco AsyncOS, the operating systems used in some of the company’s security appliances.

Cisco has released software updates to address a three-year-old vulnerability in the Telnet code of Cisco AsyncOS, the operating systems used in some of the company’s security appliances.

The flaw affecting the telnetd daemon (CVE-2011-4862) was disclosed by the FreeBSD Project back in December 2011. However, earlier this year, researcher Glafkos Charalambous noticed that some Cisco security appliances are still impacted by the vulnerability.

Cisco LogoAccording to the advisory published by Cisco, the security hole can be exploited by a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. The company says all models of the Cisco Web Security Appliance (WSA), the Cisco Email Security Appliance (ESA), and the Cisco Content Security Management Appliance (SMA) running an affected version of AsyncOS are affected.

“The vulnerability is due to insufficient boundary checks when processing telnet encryption keys.  An unauthenticated, remote attacker could exploit this vulnerability by sending malicious requests to a targeted system.  If successful, the attacker could execute arbitrary code on the system with elevated privileges,” Cisco said in its advisory.

In a separate advisory published by Charalambous on Wednesday, the researcher noted that Cisco WSA virtual appliances have the vulnerable telnetd daemon enabled by default. However, Cisco pointed out that the Cisco AsyncOS software for Cisco WSA is affected only if the System Setup Wizard (SSW) has not been performed. The company says this limits the scope of the vulnerability because the appliance doesn’t fully operate if the SSW has not been completed, and the completion of the setup process disables Telnet access.

In the advisory it published in 2011, the FreeBSD Project noted that telnetd had been disabled by default in FreeBSD since August 2001. “[Due] to the lack of cryptographic security in the Telnet protocol, it is strongly recommended that the SSH protocol be used instead,” the FreeBSD Project advised at the time.

Cisco is now giving the same advice to its customers in the workarounds section of its advisory.

“For some versions of Cisco AsyncOS Software for Cisco ESA and Cisco SMA, Telnet is configured on the Management port. Telnet services can be disabled to mitigate this vulnerability. Administrators can disable Telnet by using the administration graphical user interface (GUI) or by using the interfaceconfig command in the command-line interface (CLI). As a security best practice, customers should use Secure Shell (SSH) instead of Telnet,” the company said.

Charalambous’s advisory shows that the issue was reported to Cisco in mid-May 2014, and patches were released in late August.

Cisco hasn’t said anything about the vulnerability being exploited in the wild against its customers, but it has pointed out that Metasploit exploit modules for the vulnerability are available. 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.