[39266] in North American Network Operators' Group


Re: Cisco IOS Vulnerability

daemon@ATHENA.MIT.EDU (up@3.am)
Fri Jun 29 21:03:13 2001

Date: Fri, 29 Jun 2001 21:02:42 -0400 (EDT)
From: <up@3.am>
To: Larry Diffey <ldiffey@technologyforward.com>
Cc: nanog@merit.edu
In-Reply-To: <00fd01c100f4$26284c80$d9320a0a@LDIFFEY>
Message-ID: <Pine.BSF.4.10.10106292056350.26297-100000@richard2.pil.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Fri, 29 Jun 2001, Larry Diffey wrote:

> CERT and Cisco have issued a warning about a vulnerability in the
> Cisco IOS starting at version 11.3 and affecting all later versions.
> 
> If your Cisco equipment is HTTP enabled and you're not using TACACS+
> or RADIUS for authentication it is vulnerable to complete takeover.  
> The hack is very simple.

Yeah, well who enables httpd on their Ciscos, anyway?  Wait a sec, the
Catalysts have this enabled by default...

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================

