Security Operations, Network Security, Vulnerability Management, Patch/Configuration Management

Telnet vulnerability: traffic drop suggests advance warning

(Adobe Stock)

As reported by The Register, telecommunication companies may have received advance notice regarding a critical Telnet vulnerability before its public disclosure in January. This is suggested by a significant and sudden drop in global Telnet traffic observed by threat intelligence firm GreyNoise.

On January 14, six days before the public advisories for CVE-2026-24061 were released, Telnet sessions plummeted by 65% within an hour and 83% within two hours. Daily sessions decreased by 59%, from an average of 914,000 to approximately 373,000. This drastic change, described by GreyNoise researchers as a "step function," indicates a configuration change rather than a natural shift in scanning behavior. The vulnerability, a decade-old bug in GNU InetUtils telnetd, allows for trivial root access exploitation. Notably, 18 operators, including major providers like BT and Vultr, saw their Telnet sessions drop to zero by January 15. In contrast, major cloud providers like AWS experienced an increase in Telnet traffic, likely due to their private peering infrastructure bypassing traditional transit paths.

The observed traffic drop and subsequent filtering of port 23 suggest that one or more Tier 1 transit providers in North America might have implemented security measures in anticipation of the vulnerability's public disclosure.

Source: The Register

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds