Cisco IOS Vulnerability

• Previous message (by thread): Cisco IOS Vulnerability
• Next message (by thread): Cisco IOS Vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 29 Jun 2001, Larry Diffey wrote:

> CERT and Cisco have issued a warning about a vulnerability in the
> Cisco IOS starting at version 11.3 and affecting all later versions.
> 
> If your Cisco equipment is HTTP enabled and you're not using TACACS+
> or RADIUS for authentication it is vulnerable to complete takeover.  
> The hack is very simple.

Yeah, well who enables httpd on their Ciscos, anyway?  Wait a sec, the
Catalysts have this enabled by default...

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up at 3.am							    http://3.am
=========================================================================

• Previous message (by thread): Cisco IOS Vulnerability
• Next message (by thread): Cisco IOS Vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]