CVE-2012-0339

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 through 12.4 and 15.0

Description The issue allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client. This occurs because Cisco IOS does not recognize the vrf-also keyword during enforcement of access-class commands.

Recommendations For Cisco IOS versions 12.2 through 12.4, consider restricting access to the TELNET service until a fix is available. For Cisco IOS version 15.0, consider restricting access to the TELNET service until a fix is available. As a temporary workaround, consider disabling the TELNET service to minimize the risk of exploitation.