Symptom
Cisco IOS XE, when persistent telnet is enabled, includes a version of telnetd that is affected by the vulnerability identified by the following Common Vulnerabilities and Exposures (CVE) ID:
CVE-2020-10188
This bug was opened to address the potential impact on this product.
See https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx for additional information.
Conditions
Device has the persistent telnet server feature enabled.
Workaround
Disable the persistent telnet server feature.
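To check whether the condition above applies to a device, the following added example (not part of the original bug record and not Cisco code) audits a saved running-config for the persistent telnet feature. It assumes the feature is configured with the IOS XE commands transport-map type persistent telnet and transport type persistent telnet input, which this page does not name. The sample configs and map names are constructed.

```python
import re

# Constructed sample running-config excerpts (not taken from a real device).
SAMPLE_APPLIED = """\
hostname edge-rtr-01
transport-map type persistent telnet mgmt-telnet
 connection wait none
 transport interface GigabitEthernet0
!
transport type persistent telnet input mgmt-telnet
"""
SAMPLE_DEFINED_ONLY = """\
hostname edge-rtr-02
transport-map type persistent telnet unused-map
 connection wait none
!
transport-map type persistent ssh mgmt-ssh
 rsa keypair-name sshkeys
!
transport type persistent ssh input mgmt-ssh
"""

# Anchored at column 0 so "no ..." forms and indented sub-commands never match.
MAP_RE = re.compile(r"^transport-map type persistent telnet (\S+)\s*$")
APPLY_RE = re.compile(r"^transport type persistent telnet input (\S+)\s*$")

def audit_persistent_telnet(config: str) -> dict:
    """Report persistent telnet transport maps that are defined and applied."""
    defined, applied = [], []
    for line in config.splitlines():
        if (m := MAP_RE.match(line)):
            defined.append(m.group(1))
        elif (m := APPLY_RE.match(line)):
            applied.append(m.group(1))
    return {
        "defined": defined,
        "applied": applied,
        # Assumption: the feature counts as enabled only once a map is applied.
        "exposed": bool(applied),
        # Defined but never applied: inactive, listed for cleanup.
        "unused": [n for n in defined if n not in applied],
    }

if __name__ == "__main__":
    for label, cfg in (("applied", SAMPLE_APPLIED), ("defined-only", SAMPLE_DEFINED_ONLY)):
        print(label, audit_persistent_telnet(cfg))
```

A device reported as exposed is one where the workaround applies; a persistent SSH transport map on the same device is not counted.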
Further Problem Description
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 9.8:
https://tools.cisco.com/security/center/cvssCalculator.x?vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID CVE-2020-10188 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html