Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models. A vulnerability CVE-2017-3881 in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. Currently, this vulnerability is unpatched, and until patches are available, Cisco recommends its users to disable the Telnet connection to the switch devices in favor of SSH.