As reported by The Register, telecommunication companies may have received advance notice regarding a critical Telnet vulnerability before its public disclosure in January. This is suggested by a significant and sudden drop in global Telnet traffic observed by threat intelligence firm GreyNoise.On January 14, six days before the public advisories for CVE-2026-24061 were released, Telnet sessions plummeted by 65% within an hour and 83% within two hours. Daily sessions decreased by 59%, from an average of 914,000 to approximately 373,000. This drastic change, described by GreyNoise researchers as a "step function," indicates a configuration change rather than a natural shift in scanning behavior. The vulnerability, a decade-old bug in GNU InetUtils telnetd, allows for trivial root access exploitation. Notably, 18 operators, including major providers like BT and Vultr, saw their Telnet sessions drop to zero by January 15. In contrast, major cloud providers like AWS experienced an increase in Telnet traffic, likely due to their private peering infrastructure bypassing traditional transit paths.The observed traffic drop and subsequent filtering of port 23 suggest that one or more Tier 1 transit providers in North America might have implemented security measures in anticipation of the vulnerability's public disclosure.Source: The Register
Security Operations, Network Security, Vulnerability Management, Patch/Configuration Management
Telnet vulnerability: traffic drop suggests advance warning

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



