Cisco IOS Vulnerability

Larry_Diffey · June 29, 2001, 11:35pm

CERT and Cisco have issued a warning about a vulnerability in the Cisco IOS starting at version 11.3 and affecting all later versions.

If your Cisco equipment is HTTP enabled and you’re not using TACACS+ or RADIUS for authentication it is vulnerable to complete takeover. The hack is very simple.

Please read the Cisco warning and/or the CERT advisory for further information.

The warnings were released yesterday.

Happy Hacker Stopping.

Larry Diffey

James_Smallacombe · June 30, 2001, 1:02am

Yeah, well who enables httpd on their Ciscos, anyway? Wait a sec, the
Catalysts have this enabled by default...

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am

Roland_Dobbins2 · June 30, 2001, 4:08am

Now, if we could just stop people from posting to email lists
using HTML and/or RTF-formatted mail . . .

Larry Diffey wrote: