A remote code execution vulnerability has been discovered in all version of the Point-to-Point Protocol included on Linux systems for the last 17 years.
The vulnerability allows an unauthenticated attacker to send a specially crafted packet to the PPP daemon (pppd), force a buffer overflow and execute arbitrary code.
The PPP protocol is used for serial connections over dial up modems, ISDN and some VPN connections. It is also supported over Ethernet, SSH, GPRS and ATM Networks. While there may be few of these serial connections still in use in your data centre today, the PPP daemon may still be running or perhaps listening on an old ISDN emergency backup link.
The PPP protocol is also used by some turnkey systems from Cisco and Synology, as detailed in the CVE listing on Mitre.
This issue is tracked as CVE-2020-8597 and scores a 9.8 CVSS as it could enable an unauthenticated attacker to compromise and take over the server.
It is good security hygiene to regularly review the active processes and protocols enabled on each server to determine if any are no longer required and can be shut down. This will reduce the attack surface of your network.