Cisco Patches Three-Year-Old Telnet Remote Code Execution Bug in Security Appliances

  • 23 October 2014

3 years it has taken them to fix this, despite there being an exploit available for it as well.
 
by Dennis Fisher, October 23, 2014, 9:08 am

"There is a severe remote code execution vulnerability in a number of Cisco’s security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years.

The FreeBSD Project first disclosed the vulnerability in telnet in December 2011 and it was widely publicized at the time. Recently, Glafkos Charalambous, a security researcher, discovered that the bug was still present in several of Cisco’s security boxes, including the Web Security Appliance, Email Security Appliance and Content Security Management Appliance. The vulnerability is in the AsyncOS software in those appliances and affects all versions of the products.

If the Telnet service is enabled on a vulnerable appliance, a remote attacker can execute arbitrary code."
 