The firewall must not be listening for telnet service.


Overview

Finding ID: V-72879
Version: NET0378
Rule ID: SV-87531r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Telnet is an unencrypted service which can be easily exploited, especially when used over a public network such as the internet. With telnet enabled on the firewall, an attacker may be able to send spoofed packets through the firewall and consume the firewall’s memory, causing a denial of service on the device. Telnet service is vulnerable to many exploits which can compromise the network device if enabled.
STIG: Firewall Security Technical Implementation Guide - Cisco
Date: 2016-12-21

Details

Check Text ( C-73013r1_chk )
Have the firewall administrator enter the following command to verify whether the firewall is listening on telnet port 23 or 1467:

show asp table socket

ciscoasa# show asp table socket

Protocol Socket State Local Address Foreign Address

TCP 0000f668 LISTEN 2.0.0.1:23 0.0.0.0:*

If the firewall is listening on telnet port 23 or 1467, this is a finding.
Fix Text (F-79321r1_fix)
Disable telnet and verify that the firewall is no longer listening on port 23 or 1467, as shown in the following example:

no telnet 2.0.0.2 255.255.255.255 inside


ciscoasa# show asp table socket

Protocol Socket State Local Address Foreign Address

ciscoasa#
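The check and fix above are both decided by reading the output of `show asp table socket`. The following Python script is an added example, not part of the STIG or of any Cisco tooling: it parses captured `show asp table socket` output and reports the rule as "Open" when a TCP socket in LISTEN state is bound to port 23 or 1467, and "NotAFinding" otherwise. The two output samples are constructed to mirror the before and after states shown above (the socket id, addresses and the extra HTTPS listener are made up), and the function and field names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Ports the STIG check (NET0378) names as telnet listeners on the ASA.
TELNET_PORTS = {23, 1467}

# Constructed sample of 'show asp table socket' output before the fix:
# one TCP socket in LISTEN state bound to port 23. Values are fictitious.
SAMPLE_LISTENING = """\
ciscoasa# show asp table socket

Protocol  Socket    State      Local Address         Foreign Address
TCP       0000f668  LISTEN     2.0.0.1:23            0.0.0.0:*
TCP       0001a2c4  LISTEN     2.0.0.1:443           0.0.0.0:*
"""

# Constructed sample after 'no telnet ...' has been applied: the telnet
# socket is gone, only the (made-up) HTTPS management listener remains.
SAMPLE_CLEAN = """\
ciscoasa# show asp table socket

Protocol  Socket    State      Local Address         Foreign Address
TCP       0001a2c4  LISTEN     2.0.0.1:443           0.0.0.0:*
"""


@dataclass(frozen=True)
class SocketEntry:
    protocol: str
    socket_id: str
    state: str
    local_addr: str
    local_port: int
    foreign: str


# One data row: PROTO SOCKET STATE LOCAL:PORT FOREIGN. The local address is
# split at its last colon, so dotted IPv4 and bracketed IPv6 both work.
_ROW = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<sock>[0-9a-fA-F]+)\s+(?P<state>\S+)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+(?P<faddr>\S+)\s*$"
)


def parse_asp_sockets(output: str) -> list[SocketEntry]:
    """Parse the data rows of 'show asp table socket'.

    The prompt line, the column header and blank lines do not match the row
    pattern and are skipped.
    """
    entries: list[SocketEntry] = []
    for line in output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        entries.append(SocketEntry(
            protocol=m["proto"],
            socket_id=m["sock"],
            state=m["state"],
            local_addr=m["laddr"],
            local_port=int(m["lport"]),
            foreign=m["faddr"],
        ))
    return entries


def telnet_listeners(output: str) -> list[SocketEntry]:
    """Return every TCP socket in LISTEN state bound to port 23 or 1467."""
    return [
        e for e in parse_asp_sockets(output)
        if e.protocol == "TCP" and e.state == "LISTEN" and e.local_port in TELNET_PORTS
    ]


def check_net0378(output: str) -> tuple[str, list[SocketEntry]]:
    """Apply the rule: any telnet listener is a finding ('Open')."""
    hits = telnet_listeners(output)
    return ("Open" if hits else "NotAFinding"), hits


if __name__ == "__main__":
    for label, sample in (("before fix", SAMPLE_LISTENING), ("after fix", SAMPLE_CLEAN)):
        status, hits = check_net0378(sample)
        print(f"{label}: {status}")
        for h in hits:
            print(f"  {h.protocol} {h.state} {h.local_addr}:{h.local_port} (socket {h.socket_id})")
```

Feed it the output captured from the real device (for example, pasted from a terminal session) and treat "Open" as the trigger to run the `no telnet` fix and re-check; matching on the LISTEN state rather than on any row containing ":23" avoids false positives from established or foreign-side sockets that merely mention the port.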