Cisco IOS Vulnerability
up at 3.am
up at 3.am
Sat Jun 30 01:02:42 UTC 2001
On Fri, 29 Jun 2001, Larry Diffey wrote:
> CERT and Cisco have issued a warning about a vulnerability in the
> Cisco IOS starting at version 11.3 and affecting all later versions.
>
> If your Cisco equipment is HTTP enabled and you're not using TACACS+
> or RADIUS for authentication it is vulnerable to complete takeover.
> The hack is very simple.
Yeah, well who enables httpd on their Ciscos, anyway? Wait a sec, the
Catalysts have this enabled by default...
James Smallacombe PlantageNet, Inc. CEO and Janitor
up at 3.am http://3.am
=========================================================================
More information about the NANOG
mailing list