Cisco IOS & IOS XE Software CMP(集群管理协议) 远程代码执行漏
2017年3月17日美国时间下午4点,Cisco官方网站发布Cisco IOS&IOS XE Software 集群管理协议(Cluster Management Protocol)存在远程代码执行漏洞。该漏洞目前为0day漏洞,危害等级高。该漏洞允许未授权访问,远程攻击者可以重启设备和远程执行代码提升权限。
Cisco IOS是Cisco的网际操作系统。是一个为网际互连优化的复杂的操作系统。是一个与硬件分离的软件体系结构,随网络技术的不断发展,可动态地升级以适应不断变化的技术(软件)。 根据FOFA系统显示,目前全球共有超过43万个对外可以访问(仅为全球分布情况,非漏洞影响情况)。其中美国超过3分之一。中国排使用量第二。该漏洞受影响设备达到319种型号。
Cisco IOS 全球分布(仅为全球分布情况,非漏洞影响情况)
Cisco IOS 全球分布 TOP 10(仅为全球分布情况,非漏洞影响情况)
Cisco IOS 中国分布(仅为全球分布情况,非漏洞影响情况)
Cisco IOS 中国行政区域分布 TOP 10(仅为全球分布情况,非漏洞影响情况)
漏洞原理与危害
集群管理协议(Cluster Management Protocol)是集群成员之间内部使用TELNET来进行信号和命令控制的协议。该漏洞是由两个因素构成:
1. 未能限制使用CMP-specific Telnet选项只对内部,而是接受 Telnet连接到任何一个受影响的设备
2. CMP-specific Telnet的错误处理选项。
CMP-specific Telnet 选项是默认的,即使没有出现在设置的集群设置命令中。
攻击者可以利用此漏洞通过发送畸形CMP-specific Telnet选项,向受影响设备建立一个Telnet会话。漏洞可能允许远程攻击者执行任意代码,提升权限,完全控制受影响的设备或导致设备重启。
漏洞影响
漏洞影响如下版本的设备
Cisco Catalyst 2350-48TD-S Switch
Cisco Catalyst 2350-48TD-SD Switch
Cisco Catalyst 2360-48TD-S Switch
Cisco Catalyst 2918-24TC-C Switch
Cisco Catalyst 2918-24TT-C Switch
Cisco Catalyst 2918-48TC-C Switch
Cisco Catalyst 2918-48TT-C Switch
Cisco Catalyst 2928-24TC-C Switch
Cisco Catalyst 2960-24-S Switch
Cisco Catalyst 2960-24LC-S Switch
Cisco Catalyst 2960-24LT-L Switch
Cisco Catalyst 2960-24PC-L Switch
Cisco Catalyst 2960-24PC-S Switch
Cisco Catalyst 2960-24TC-L Switch
Cisco Catalyst 2960-24TC-S Switch
Cisco Catalyst 2960-24TT-L Switch
Cisco Catalyst 2960-48PST-L Switch
Cisco Catalyst 2960-48PST-S Switch
Cisco Catalyst 2960-48TC-L Switch
Cisco Catalyst 2960-48TC-S Switch
Cisco Catalyst 2960-48TT-L Switch
Cisco Catalyst 2960-48TT-S Switch
Cisco Catalyst 2960-8TC-L Compact Switch
Cisco Catalyst 2960-8TC-S Compact Switch
Cisco Catalyst 2960-Plus 24LC-L Switch
Cisco Catalyst 2960-Plus 24LC-S Switch
Cisco Catalyst 2960-Plus 24PC-L Switch
Cisco Catalyst 2960-Plus 24PC-S Switch
Cisco Catalyst 2960-Plus 24TC-L Switch
Cisco Catalyst 2960-Plus 24TC-S Switch
Cisco Catalyst 2960-Plus 48PST-L Switch
Cisco Catalyst 2960-Plus 48PST-S Switch
Cisco Catalyst 2960-Plus 48TC-L Switch
Cisco Catalyst 2960-Plus 48TC-S Switch
Cisco Catalyst 2960C-12PC-L Switch
Cisco Catalyst 2960C-8PC-L Switch
Cisco Catalyst 2960C-8TC-L Switch
Cisco Catalyst 2960C-8TC-S Switch
Cisco Catalyst 2960CG-8TC-L Compact Switch
Cisco Catalyst 2960CPD-8PT-L Switch
Cisco Catalyst 2960CPD-8TT-L Switch
Cisco Catalyst 2960CX-8PC-L Switch
Cisco Catalyst 2960CX-8TC-L Switch
Cisco Catalyst 2960G-24TC-L Switch
Cisco Catalyst 2960G-48TC-L Switch
Cisco Catalyst 2960G-8TC-L Compact Switch
Cisco Catalyst 2960L-16PS-LL Switch
Cisco Catalyst 2960L-16TS-LL Switch
Cisco Catalyst 2960L-24PS-LL Switch
Cisco Catalyst 2960L-24TS-LL Switch
Cisco Catalyst 2960L-48PS-LL Switch
Cisco Catalyst 2960L-48TS-LL Switch
Cisco Catalyst 2960L-8PS-LL Switch
Cisco Catalyst 2960L-8TS-LL Switch
Cisco Catalyst 2960PD-8TT-L Compact Switch
Cisco Catalyst 2960S-24PD-L Switch
Cisco Catalyst 2960S-24PS-L Switch
Cisco Catalyst 2960S-24TD-L Switch
Cisco Catalyst 2960S-24TS-L Switch
Cisco Catalyst 2960S-24TS-S Switch
Cisco Catalyst 2960S-48FPD-L Switch
Cisco Catalyst 2960S-48FPS-L Switch
Cisco Catalyst 2960S-48LPD-L Switch
Cisco Catalyst 2960S-48LPS-L Switch
Cisco Catalyst 2960S-48TD-L Switch
Cisco Catalyst 2960S-48TS-L Switch
2017年3月17日美国时间下午4点,Cisco官方网站发布Cisco IOS&IOS XE Software 集群管理协议(Cluster Management Protocol)存在远程代码执行漏洞。该漏洞目前为0day漏洞,危害等级高。该漏洞允许未授权访问,远程攻击者可以重启设备和远程执行代码提升权限。
Cisco IOS是Cisco的网际操作系统。是一个为网际互连优化的复杂的操作系统。是一个与硬件分离的软件体系结构,随网络技术的不断发展,可动态地升级以适应不断变化的技术(软件)。 根据FOFA系统显示,目前全球共有超过43万个对外可以访问(仅为全球分布情况,非漏洞影响情况)。其中美国超过3分之一。中国排使用量第二。该漏洞受影响设备达到319种型号。
Cisco IOS 全球分布(仅为全球分布情况,非漏洞影响情况) 本文来自无奈人生安全网
Cisco IOS 全球分布 TOP 10(仅为全球分布情况,非漏洞影响情况)
Cisco IOS 中国分布(仅为全球分布情况,非漏洞影响情况)
Cisco IOS 中国行政区域分布 TOP 10(仅为全球分布情况,非漏洞影响情况)
漏洞原理与危害
集群管理协议(Cluster Management Protocol)是集群成员之间内部使用TELNET来进行信号和命令控制的协议。该漏洞是由两个因素构成:
1. 未能限制使用CMP-specific Telnet选项只对内部,而是接受 Telnet连接到任何一个受影响的设备
2. CMP-specific Telnet的错误处理选项。
CMP-specific Telnet 选项是默认的,即使没有出现在设置的集群设置命令中。
攻击者可以利用此漏洞通过发送畸形CMP-specific Telnet选项,向受影响设备建立一个Telnet会话。漏洞可能允许远程攻击者执行任意代码,提升权限,完全控制受影响的设备或导致设备重启。
漏洞影响
漏洞影响如下版本的设备
Cisco Catalyst 2350-48TD-S Switch
Cisco Catalyst 2350-48TD-SD Switch
Cisco Catalyst 2360-48TD-S Switch
Cisco Catalyst 2918-24TC-C Switch
Cisco Catalyst 2918-24TT-C Switch
Cisco Catalyst 2918-48TC-C Switch
Cisco Catalyst 2918-48TT-C Switch
Cisco Catalyst 2928-24TC-C Switch
Cisco Catalyst 2960-24-S Switch
Cisco Catalyst 2960-24LC-S Switch
Cisco Catalyst 2960-24LT-L Switch
Cisco Catalyst 2960-24PC-L Switch
Cisco Catalyst 2960-24PC-S Switch
Cisco Catalyst 2960-24TC-L Switch
Cisco Catalyst 2960-24TC-S Switch
Cisco Catalyst 2960-24TT-L Switch
Cisco Catalyst 2960-48PST-L Switch
Cisco Catalyst 2960-48PST-S Switch
Cisco Catalyst 2960-48TC-L Switch
Cisco Catalyst 2960-48TC-S Switch
Cisco Catalyst 2960-48TT-L Switch
Cisco Catalyst 2960-48TT-S Switch
Cisco Catalyst 2960-8TC-L Compact Switch
Cisco Catalyst 2960-8TC-S Compact Switch
Cisco Catalyst 2960-Plus 24LC-L Switch
Cisco Catalyst 2960-Plus 24LC-S Switch
Cisco Catalyst 2960-Plus 24PC-L Switch
Cisco Catalyst 2960-Plus 24PC-S Switch
Cisco Catalyst 2960-Plus 24TC-L Switch
Cisco Catalyst 2960-Plus 24TC-S Switch
Cisco Catalyst 2960-Plus 48PST-L Switch
Cisco Catalyst 2960-Plus 48PST-S Switch
Cisco Catalyst 2960-Plus 48TC-L Switch
Cisco Catalyst 2960-Plus 48TC-S Switch
Cisco Catalyst 2960C-12PC-L Switch
Cisco Catalyst 2960C-8PC-L Switch
Cisco Catalyst 2960C-8TC-L Switch
Cisco Catalyst 2960C-8TC-S Switch
Cisco Catalyst 2960CG-8TC-L Compact Switch
Cisco Catalyst 2960CPD-8PT-L Switch
Cisco Catalyst 2960CPD-8TT-L Switch
Cisco Catalyst 2960CX-8PC-L Switch
Cisco Catalyst 2960CX-8TC-L Switch
Cisco Catalyst 2960G-24TC-L Switch 内容来自无奈安全网
Cisco Catalyst 2960G-48TC-L Switch
Cisco Catalyst 2960G-8TC-L Compact Switch
Cisco Catalyst 2960L-16PS-LL Switch
Cisco Catalyst 2960L-16TS-LL Switch
Cisco Catalyst 2960L-24PS-LL Switch
Cisco Catalyst 2960L-24TS-LL Switch
Cisco Catalyst 2960L-48PS-LL Switch
Cisco Catalyst 2960L-48TS-LL Switch
Cisco Catalyst 2960L-8PS-LL Switch
Cisco Catalyst 2960L-8TS-LL Switch
Cisco Catalyst 2960PD-8TT-L Compact Switch
Cisco Catalyst 2960S-24PD-L Switch
Cisco Catalyst 2960S-24PS-L Switch
Cisco Catalyst 2960S-24TD-L Switch
Cisco Catalyst 2960S-24TS-L Switch
Cisco Catalyst 2960S-24TS-S Switch
Cisco Catalyst 2960S-48FPD-L Switch
Cisco Catalyst 2960S-48FPS-L Switch
Cisco Catalyst 2960S-48LPD-L Switch
Cisco Catalyst 2960S-48LPS-L Switch
Cisco Catalyst 2960S-48TD-L Switch
Cisco Catalyst 2960S-48TS-L Switch
本文来自无奈人生安全网