Cisco revealed multiple vulnerabilities in its IOS FTP server this week.
The flaws can result in DoS attacks or malicious users gaining unauthorized privileges.
Successful exploitation can give remote users access to the IOS device’s filesystem, which can lead to DoS attacks, according to Cisco. The company advised network administrators to disable the FTP server feature as a workaround.
The vulnerabilities exist in IOS versions 11 and 12, according to Cisco.
A Cisco representative could not immediately be reached for comment today.
One flaw occurs when the IOS FTP server verifies user credentials, while the other occurs when files are transferred via the FTP server, according to vulnerability monitoring firms.
Adam Powers, Lancope CTO, told SCMagazine.com today that the flaws do not pose a major risk for networks because the FTP server is turned off by default.
"You’re definitely going to have some lower-end administrators who have just messed up [and turned it on]. It’s usually human error in these cases that causes the problem," he said. "The fact is that this is not going to impact a large portion of the customer base."