Well, darn. Maybe the Cisco Kids shouldn't still be allowing 1970s-era Telnet protocol to be used to access their over 300 switching devices. That's really brain-dead. But then, it's free. Money. no cost, what's not to like?
The flaw, found in at least 318 switches, allows remote attackers to execute code that runs with elevated privileges, Cisco warned in an advisory published Friday. The bug resides in the Cisco Cluster Management Protocol (CMP), which uses the telnet protocol to deliver signals and commands on internal networks. It stems from a failure to restrict telnet options to local communications and the incorrect processing of malformed CMP-only telnet options.
Apart from the idiocy, that is. I still know telnet. Doesn't everyone?