Cisco has announced that over 300 of its switches, many of which are being sold right now, are vulnerable to an exploit that allows for the complete takeover of the device. A quick glance at the models that Cisco lists as affected shows some pretty high-end devices.
“An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device.”
Considering how widely used Cisco’s networking equipment is, a bug like this could allow hackers to do some serious damage, and the thought of this getting loose in any sort of institution where people’s private information is being moved around is horrifying.
As of right now, Cisco says that there isn’t any good workaround for this bug, but it recommends applying ACLs as well as disabling Telnet on any switches that are affected. I suggest doing both of those things anyway, unless you have a good reason to have Telnet available.
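One way to check a saved running-config against the Telnet and ACL recommendation above, as an added example that is not from Cisco or the original post. The config excerpt is constructed, the function names are hypothetical, and a VTY block with no explicit `transport input` line is assumed to permit Telnet.

```python
import re

# Constructed IOS-style running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 access-class 10 in
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 31
 login local
!
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")
TRANSPORT_RE = re.compile(r"^transport input (.+)$")
ACL_RE = re.compile(r"^access-class (\S+) in\b")

def audit_vty(config_text):
    """Return one finding per 'line vty' block: Telnet allowed? inbound ACL?"""
    findings, block = [], None
    for raw in config_text.splitlines():
        if not raw.startswith(" "):        # a top-level line closes any open block
            if block:
                findings.append(block)
            m = VTY_RE.match(raw)
            # Assumption: with no explicit 'transport input', treat Telnet as
            # permitted, because the default differs between software releases.
            block = ({"lines": f"{m.group(1)}-{m.group(2) or m.group(1)}",
                      "telnet": True, "acl": None} if m else None)
            continue
        if block is None:                  # sub-command of a non-VTY section
            continue
        cmd = raw.strip()
        t = TRANSPORT_RE.match(cmd)
        if t:
            protos = t.group(1).split()
            block["telnet"] = "telnet" in protos or "all" in protos
        a = ACL_RE.match(cmd)
        if a:
            block["acl"] = a.group(1)
    if block:
        findings.append(block)
    return findings

def telnet_exposed(findings):
    """VTY ranges that still accept Telnet, whether or not an ACL is applied."""
    return [f["lines"] for f in findings if f["telnet"]]
```

Run `audit_vty` over each affected switch's exported configuration and review every range returned by `telnet_exposed`; a range that also shows `acl` as `None` has neither of the two recommended measures in place.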