[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cisco IOS vulnerability



And just to add to what Brian said...

I'd hope no one as the http server activate on their routers or switches in 
the first place, and if anyone has, I hope that it is properly protected as 
you would protect your vty's, SNMP, and other access... (filters, TACACS+, etc)

This and other security BCPs are in Cisco IOS Essentials, mentioned earlier...

philip
--

At 17:31 25/07/2001 +0100, Brian Candler wrote:
>Anyone with a Cisco switch or router needs to read this:
>http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
>
>Basically if you have HTTP access turned on, anyone on the Internet can have
>full access to it without any restriction, e.g. using a URL like this:
>http://x.x.x.x/level/17/exec/show%20conf
>N.B. The "17" may have to be changed to another number (16-99) depending on
>version of IOS and hardware config.
>
>Brian.
>
>-----
>This is the afnog mailing list, managed by Majordomo 1.94.4
>
>To send a message to this list, e-mail afnog at afnog.org
>To send a request to majordomo, e-mail majordomo at afnog.org and put
>your request in the body of the message (i.e use "help" for help)
>
>This list is maintained by owner-afnog at afnog.org


-----
This is the afnog mailing list, managed by Majordomo 1.94.4

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org