Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco Fixes Three-Year-Old Telnet Flaw In Security Appliances

Posted by timothy on from the but-telnet's-otherwise-fine? dept.

Trailrunner7 writes "There is a severe remote code execution vulnerability in a number of Cisco's security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years. The FreeBSD Project first disclosed the vulnerability in telnet in December 2011 and it was widely publicized at the time. Recently, Glafkos Charalambous, a security researcher, discovered that the bug was still present in several of Cisco's security boxes, including the Web Security Appliance, Email Security Appliance and Content Security Management Appliance. The vulnerability is in the AsyncOS software in those appliances and affects all versions of the products." At long last, though, as the article points out, "Cisco has released a patched version of the AsyncOS software to address the vulnerability and also has recommended some workarounds for customers."

4 of 60 comments (clear)

  1. Security + Telnet by MightyYar · · Score: 5, Insightful

    Security + Telnet = My Brain Hurts

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    1. Re:Security + Telnet by 3.5+stripes · · Score: 4, Insightful

      Yeah, any sort of security guidelines should have at the top, in the largest boldest letters possible, DO NOT USE TELNET.

      --


      He tried to kill me with a forklift!
  2. Re:Workaround list by Anonymous Coward · · Score: 3, Insightful

    You've obviously never seen somebody go over budget.

  3. I'd worry anyway. by khasim · · Score: 3, Insightful

    That makes sense on one level, but using telnet is a bad habit one shouldn't get into.

    I agree. A better habit is setting up and using SSH.

    Not only that but "defense in depth". Do NOT rely upon your perimeter defenses to stop all attacks. It only takes one person with a compromised laptop and you're cracked.

    1) these were default passwords that everyone on the team knew

    SSH can be set up the same.

    2) the development VLAN is secured from outsiders

    Until it is compromised.

    Remember, in defense you have to be right on everything all the time. An attacker can just stumble into something you missed. Like someone's laptop that was brought in when it should not have been.