CVE-2017-3881

Cisco IOS va Cisco IOS XE dasturiy ta'minotlarida Cisco Cluster Management Protocol (CMP) ishlov berish kodidagi zaiflik autentifikatsiya qilinmagan, masofaviy tajovuzkorga ta'sirlangan qurilmani qayta yuklashga yoki yuqori imtiyozlarga ega kodni masofadan turib bajarishga imkon berishi mumkin. Klasterni boshqarish protokoli Telnet-dan klaster a'zolari o'rtasida signalizatsiya va buyruq protokoli sifatida ichki foydalanadi. Zaiflik ikkita omilning kombinatsiyasi bilan bog'liq: (1) CMP-ga xos Telnet opti-dan foydalanishni cheklamaslik.

CVSS Vector

Manbalar

• http://www.securityfocus.com/bid/96960
• http://www.securityfocus.com/bid/97391
• http://www.securitytracker.com/id/1038059
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
• https://www.exploit-db.com/exploits/41872/