http://www.networkworld.com/news/2005/113005-cisco-ios.html By Phil Hochmuth NetworkWorld.com 11/30/05 Security researchers this week said they discovered a hole in the Web server code in Cisco's IOS software. The flaw could allow attackers - armed only with knowledge of the Cisco device's IP address - to gain administrative control of a Cisco device or run arbitrary code on the machine, according to claims. The vulnerability - as reported by the security organizations Secunia and SecurityFocus - could allow a potential attacker to view a memory dump (a record of the data in a router's memory) of an IOS router via the HTTP server and inject script code into the router through the HTTP server. Attackers could use this method to get administrator-level access to a Cisco router or switch or run code on the device. The vulnerability only affects Cisco routers running IOS HTTP servers, which are used as an alternative management interface to the text-based command line for configuring routers. Cisco IOS versions 11.0 and higher are vulnerable, due to the fact that they ship with the HTTP server software. The HTTP server is not enabled by default in most IOS versions installed on routers shipped from Cisco, according to the company's Web site. However resellers, carriers and other partners could enable the HTTP for management purposes when deploying the device in customer networks. Cisco is aware of the claims of the IOS HTTP vulnerability, a company spokesperson says, and is investigating the issue. An advisory will be sent to customers if deemed necessary by the company. _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Thu Dec 01 2005 - 22:51:58 PST