Number: AV17-066
Date: 11 May 2017
Purpose
The purpose of this advisory is to bring attention to the recently released Cisco Security Advisory.
Assessment
Cisco has released a Security Advisory to address a critical vulnerability in its Cluster Management Protocol (CMP) processing code which exists in Cisco IOS and Cisco IOS XE Software. Exploitation could allow a remote unauthenticated attacker to execute code and gain full control of an affected device.
A full list of affected devices can be found in Cisco’s Security Advisory.
CVE Reference: CVE-2017-3881
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp