Wikileaks “Vault 7” zero-day exploit affects 318 Cisco products

Cisco has published a security advisory that looks as if it could impact quite a few devices out there in your network. The timing (late on a Friday afternoon) wasn't particularly helpful for customers on the eastern side of the Atlantic who had to deal with it!

cisco-sa-20170317-cmp (also published as CVE-2017-3881) impacts Cisco IOS and IOS XE deployments that use the Cisco Cluster Management Protocol (CMP).

The advisory lists several switch families, including most of the Cisco 2960 (and the Plus, C, G, L, S, X and XR models), 3550, 3560 (and the C, CX, E, G, v2 and X variants), 3570, supervisor modules on Cisco Catalyst 4500 switches, switches for various blade server environments, and the Cisco IE Industrial Ethernet Switches in the 2000, 3000 and 4000 series. That's a lot of devices, and you should check the original advisory to see whether your device is affected.

Minimizing the risk includes removing Telnet management from the switches, which takes away some of the attack surface, but the underlying CMP element still mishandles malformed options, and it looks like this will need to be recoded to remove the vulnerability. Look forward to planning IOS upgrades on the affected devices soon!
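To see which switches still expose the Telnet management path the post mentions, a quick audit of saved running-configs is often the first step. The script below is an added example (not code from the original post or from Cisco): it parses the standard IOS `line vty A B` / `transport input ...` stanzas and flags any vty range that still accepts Telnet (`transport input telnet` or `transport input all`). A stanza with no explicit `transport input` is flagged as well, on the assumption that the platform default may permit Telnet and should be verified on the device. The two sample configs are constructed, not taken from any real switch.

```python
"""Audit Cisco IOS running-config text for Telnet access on vty lines.

Added example, not the post's or Cisco's own code. Assumes the usual IOS
'line vty A B' / 'transport input ...' syntax; sample configs are constructed.
"""
import re

# Header of a vty stanza, e.g. 'line vty 0 4' (second number is optional).
LINE_VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")
# The 'transport input ...' command inside an indented stanza.
TRANSPORT_RE = re.compile(r"^\s+transport input (.+?)\s*$")

# Constructed sample: Telnet still allowed on both vty ranges.
WEAK_CONFIG = """\
hostname switch-a
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
 transport input all
!
"""

# Constructed sample: hardened, SSH only.
HARDENED_CONFIG = """\
hostname switch-b
!
ip ssh version 2
line vty 0 15
 login local
 transport input ssh
!
"""


def parse_vty_transport(config_text):
    """Return a list of (first, last, transports) per 'line vty' stanza.

    transports is the set of keywords after 'transport input' (for example
    {'telnet'}, {'ssh'}, {'all'}); an empty set means the stanza has no
    explicit 'transport input' command.
    """
    stanzas = []
    current = None
    for line in config_text.splitlines():
        header = LINE_VTY_RE.match(line)
        if header:
            first = int(header.group(1))
            last = int(header.group(2)) if header.group(2) else first
            current = (first, last, set())
            stanzas.append(current)
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            current = None  # any non-indented line ends the stanza
            continue
        transport = TRANSPORT_RE.match(line)
        if transport:
            current[2].update(transport.group(1).split())
    return stanzas


def telnet_exposed_vtys(config_text):
    """Return the vty ranges (first, last) that still accept Telnet.

    'telnet' and 'all' both allow Telnet. A stanza without an explicit
    'transport input' is reported too (assumption: platform default may
    permit Telnet, so verify on the device).
    """
    exposed = []
    for first, last, transports in parse_vty_transport(config_text):
        if not transports or transports & {"telnet", "all"}:
            exposed.append((first, last))
    return exposed


def audit(name, config_text):
    """One-line finding for a device, suitable for a fleet-wide report."""
    findings = telnet_exposed_vtys(config_text)
    if findings:
        ranges = ", ".join(f"vty {a}-{b}" for a, b in findings)
        return f"{name}: Telnet management still reachable on {ranges}"
    return f"{name}: no vty line accepts Telnet"


if __name__ == "__main__":
    print(audit("switch-a", WEAK_CONFIG))
    print(audit("switch-b", HARDENED_CONFIG))
```

Run it over a directory of exported configs and the devices reported as still reachable over Telnet are the ones to prioritise for `transport input ssh` and, as the advisory makes clear, for the eventual IOS upgrade that actually fixes CMP.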

Warning: not all IOS XE images contain the CMP subsystem; the original advisory explains how to check whether yours does.

John Dixon

John Dixon is the Principal Consultant of thirteen-ten nanometre networks Ltd, based in Wiltshire, United Kingdom. He has a wide range of experience, (including, but not limited to) operating, designing and optimizing systems and networks for customers from global to domestic in scale. He has worked with many international brands to implement both data centres and wide-area networks across a range of industries. He is currently supporting a major SD-WAN vendor on the implementation of an environment supporting a major global fast-food chain.
