A flaw, CVE-2017-3881, has been found within Cisco products. This flaw allows special Cisco cluster management protocol messages sent to poorly secured Cisco products to give remote code execution to an attacker.
Alert Logic Coverage
In order for a target device to be vulnerable to this attack type, it must have its management network exposed to the public Internet and encrypted telnet must be available to the attacker on the public-facing network. Alert Logic® customers with basic security practices in place are not at risk for this vulnerability. Customers should ensure that their Cisco device management networks are not exposed to the public Internet.
Cisco is evaluating the situation and necessary next steps, and Alert Logic continues to monitor developments.
Contacting Alert Logic
With questions, contact Alert Logic Support using the following contact information:
US: 877.484.8383 (Option 2)
UK: +44 (0) 203 011 5533 (Option 1)