Cisco IOS HTTP Server code injection/execution vulnerability

November 30, 2005

"It has been identified a vulnerability in the Cisco IOS Web Server. An attacker can inject arbitrary code in some of the dynamically generated web pages. To succesfully exploit the vulnerability the attacker only needs to know the IP of the Cisco. THERE'S NO NEED TO HAVE ACCESS TO THE WEB SERVER! Once the code has been inyected, attacker must wait until the admin browses some of the affected web pages."

This appears to be a posting by someone, with very poor english, who has found a new vulnerability in Cisco IOS. This has not yet been confirmed, but if you are using HTTP to manage your Cisco equipment you should switch to SSH. So many organizations still use TELNET to manage their network infrastructure. This greatly contributes to the "Hard outside, soft and chewy inside" theory of network security. SSH + TACACS = Good TELNET + Enable = Bad

Partial Advisory

prestitial ad