Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Unpatched flaw in cisco IOS

Unpatched flaw in cisco IOS 10 years 9 months ago #11952

  • ping
  • ping's Avatar
  • Offline
  • Distinguished Member
  • Posts: 181
  • Karma: 0
A recent advisory from Cisco details an unpatched flaw in its IOS HTTP server.

The flaw could allow execution of malicious code against the device, or other cross-site scripting attacks depending on conditions. A proof of concept exploit has been created which attempts to reset the password on affected devices.

The vulnerability and above mentioned exploit were originally posted to BugTraq on November 28.


Although a patch is not currently availableCisco has provided several workarounds on the advisory page for the interim.

Info can be found http://www.securityfocus.com/brief/70

Workaround found http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml

Bugtraq Posting from November found here http://www.securityfocus.com/archive/1/417916
More information can be found on the page of poc.


Cheers.. :D

~Pranav
The greatest pleasure in life is doing what people say you can not do..!!
The administrator has disabled public write access.

Re: Unpatched flaw in cisco IOS 10 years 9 months ago #11960

  • jwj
  • jwj's Avatar
  • Offline
  • Senior Member
  • Posts: 350
  • Karma: 0
If you're running http server on a Cisco router...you're just asking for trouble anyways. :wink:
-Jeremy-
The administrator has disabled public write access.

Re: Unpatched flaw in cisco IOS 10 years 9 months ago #11978

  • jhun
  • jhun's Avatar
  • Offline
  • Senior Member
  • Posts: 356
  • Karma: 0
well there seems to be more vulnerabilities found on cisco lately.

:roll:
The administrator has disabled public write access.
Time to create page: 0.078 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup