
The firewall must not be listening for telnet service.


Overview

Finding ID: V-72879
Version: NET0378
Rule ID: SV-87531r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Telnet is an unencrypted service which can be easily exploited, especially when used over a public network such as the internet. With telnet enabled on the firewall, an attacker may be able to send spoofed packets through the firewall and consume the firewall’s memory, causing a denial of service on the device. Telnet service is vulnerable to many exploits which can compromise the network device if enabled.
STIG: Firewall Security Technical Implementation Guide - Cisco
Date: 2017-12-07

Details

Check Text (C-73013r1_chk)
Have the firewall admin enter the following command to verify whether the firewall is listening on telnet port 23 or 1467:

    show asp table socket

Example output showing a telnet listener on port 23:

    ciscoasa# show asp table socket
    Protocol  Socket    State   Local Address  Foreign Address
    TCP       0000f668  LISTEN  2.0.0.1:23     0.0.0.0:*

If the firewall is listening on telnet port 23 or 1467, this is a finding.
Fix Text (F-79321r1_fix)
Disable telnet and verify that the firewall is no longer listening on port 23 or 1467, as shown in the following example:

    no telnet 2.0.0.2 255.255.255.255 inside

After the change, the socket table shows no telnet listener:

    ciscoasa# show asp table socket
    Protocol  Socket    State   Local Address  Foreign Address
    ciscoasa#
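The check and fix above both rely on reading `show asp table socket` output by eye. The following Python script is an added example, not part of the STIG or of Cisco's tooling: it parses captured `show asp table socket` output and reports whether a TCP socket in LISTEN state is bound to port 23 or 1467, so the check can be applied to saved output from many devices. The two sample outputs are constructed to match the before-fix and after-fix listings on this page (with an extra constructed port 1467 entry, and SSH and HTTPS listeners, to show that only the telnet ports are flagged); the column widths are assumptions, so the parser keys on whitespace-separated fields rather than fixed positions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed samples modelled on the page's 'show asp table socket' listings.
# BEFORE_FIX adds a port 1467 listener plus SSH/HTTPS listeners (assumed) so the
# check can be seen ignoring non-telnet ports.
BEFORE_FIX = """ciscoasa# show asp table socket
Protocol  Socket    State   Local Address   Foreign Address
TCP       0000f668  LISTEN  2.0.0.1:23      0.0.0.0:*
TCP       0000f7a1  LISTEN  2.0.0.1:1467    0.0.0.0:*
TCP       0001a2c4  LISTEN  2.0.0.1:22      0.0.0.0:*
TCP       0001b3d5  LISTEN  2.0.0.1:443     0.0.0.0:*
"""

AFTER_FIX = """ciscoasa# show asp table socket
Protocol  Socket    State   Local Address   Foreign Address
TCP       0001a2c4  LISTEN  2.0.0.1:22      0.0.0.0:*
TCP       0001b3d5  LISTEN  2.0.0.1:443     0.0.0.0:*
ciscoasa#
"""

# Ports named in the STIG check text (C-73013r1_chk).
TELNET_PORTS = {23, 1467}

# One socket row: protocol, socket handle, state, local addr:port, foreign addr:port.
# The prompt and header lines do not start with TCP/UDP and are skipped.
SOCKET_RE = re.compile(
    r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$"
)


@dataclass(frozen=True)
class AspSocket:
    protocol: str
    handle: str
    state: str
    local_addr: str
    local_port: Optional[int]  # None when the port column is '*'
    foreign: str


def parse_asp_sockets(output: str) -> List[AspSocket]:
    """Parse the rows of a captured 'show asp table socket' listing."""
    sockets = []
    for line in output.splitlines():
        match = SOCKET_RE.match(line.strip())
        if not match:
            continue  # prompt, column header, or blank line
        proto, handle, state, laddr, lport, faddr = match.groups()
        port = None if lport == "*" else int(lport)
        sockets.append(AspSocket(proto, handle, state, laddr, port, faddr))
    return sockets


def telnet_listeners(output: str) -> List[AspSocket]:
    """TCP sockets in LISTEN state bound to one of the telnet ports."""
    return [
        s for s in parse_asp_sockets(output)
        if s.protocol == "TCP" and s.state == "LISTEN" and s.local_port in TELNET_PORTS
    ]


def check_v72879(output: str) -> Tuple[bool, List[str]]:
    """Apply the STIG check: (is_finding, list of offending local sockets)."""
    hits = telnet_listeners(output)
    return (bool(hits), [f"{s.local_addr}:{s.local_port}" for s in hits])


if __name__ == "__main__":
    for label, sample in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        finding, details = check_v72879(sample)
        verdict = "FINDING" if finding else "not a finding"
        print(f"{label}: {verdict} {details}")
```

Running the script prints a finding for the before-fix sample (listing 2.0.0.1:23 and 2.0.0.1:1467) and "not a finding" for the after-fix sample. In practice, `check_v72879` would be fed the output captured from each firewall, and any finding is remediated with the `no telnet` command shown in the fix text.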