Cisco Systems has released an update for its IOS and IOS XE software to address a critical vulnerability that affects more than 300 of its switch models. The vulnerability resides in the Cluster Management Protocol (CMP) which uses Telnet or SSH to deliver signals and commands on internal networks. Once exploited, an unauthenticated, remote attacker can remotely execute malicious code on a device with elevated privileges to take full control of the device or cause a reboot. The company identified the vulnerability in its product while analyzing “Vault 7” dump.
Source: https://thehackernews.com/2017/05/cisco-network-switch-update.html