Link to home
Create AccountLog in
Avatar of sunhux
sunhux

asked on

Cisco buffer overflow vulnerability

Got an IPS alert that says " Telnet: Cisco Buffer Overflow Vulnerability (High)
Network Security Platform has detected a  "High (9)" attack.  
Attack type: Signature: telnet-cmd-too-long"

Can I correctly say:
a) if we don't have telnet service enabled on all our Cisco devices, then we're not
    vulnerable (even if telnet is enabled on some other legacy systems) ?
b) this only affects Cisco 676/677 devices, so if we don't have these devices in
     our environment, then we're not vulnerable

If I'm mistaken to make above 2 statements, do elaborate & explain
Avatar of sunhux
sunhux

ASKER

If we have PCs that do telnet to our AS400 servers, would this activity
trigger such alerts?
Avatar of sunhux

ASKER

Correction:
> Cisco 676/677
   should be
Cisco 678/677

The other question is we don't always get this alert, so is it likely that this is triggered
by telnet  from a PC to the AS400 host?  Or someone issued a different telnet access
this time round?
ASKER CERTIFIED SOLUTION
Avatar of Gary Patterson, CISSP
Gary Patterson, CISSP
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account