Cisco announced a remote code execution vulnerability that affects telnet on catalyst series devices. Once again this has to do with the documents leaked by Wikileaks, known as Vault 7.
Cisco recommends to enable only SSH access on the devices affected, if possible. For devices that do not support SSH, VTY access lists may be applied to reduce the risk.
More information about the vulnerability and the devices affected, can be found here.