[39332] in North American Network Operators' Group
RE: Cisco IOS Vulnerability
daemon@ATHENA.MIT.EDU (Vandy Hamidi)
Mon Jul 2 19:31:23 2001
Message-ID: <912A91BC69F4D3119D1B009027D0D40C01BB4080@exchange1.secure.insweb.com>
From: Vandy Hamidi <vhamidi@insweb.com>
To: "'up@3.am'" <up@3.am>,
Larry Diffey <ldiffey@technologyforward.com>
Cc: nanog@merit.edu
Date: Mon, 2 Jul 2001 16:30:07 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
Does this vulnerability affect CatOS as well? I was under the impression it
was just IOS devices.
-=Vandy=-
-----Original Message-----
From: up@3.am [mailto:up@3.am]
Sent: Friday, June 29, 2001 6:03 PM
To: Larry Diffey
Cc: nanog@merit.edu
Subject: Re: Cisco IOS Vulnerability
On Fri, 29 Jun 2001, Larry Diffey wrote:
> CERT and Cisco have issued a warning about a vulnerability in the
> Cisco IOS starting at version 11.3 and affecting all later versions.
>
> If your Cisco equipment is HTTP enabled and you're not using TACACS+
> or RADIUS for authentication it is vulnerable to complete takeover.
> The hack is very simple.
Yeah, well who enables httpd on their Ciscos, anyway? Wait a sec, the
Catalysts have this enabled by default...
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================
