- Posts: 181
- Thank you received: 0
Unpatched flaw in cisco IOS
18 years 11 months ago #11952
by ping
The greatest pleasure in life is doing what people say you can not do..!!
Unpatched flaw in cisco IOS was created by ping
A recent advisory from Cisco details an unpatched flaw in its IOS HTTP server.
The flaw could allow execution of malicious code against the device, or other cross-site scripting attacks depending on conditions. A proof of concept exploit has been created which attempts to reset the password on affected devices.
The vulnerability and above mentioned exploit were originally posted to BugTraq on November 28.
Although a patch is not currently availableCisco has provided several workarounds on the advisory page for the interim.
Info can be found www.securityfocus.com/brief/70
Workaround found www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
Bugtraq Posting from November found here www.securityfocus.com/archive/1/417916
More information can be found on the page of poc.
Cheers..
~Pranav
The flaw could allow execution of malicious code against the device, or other cross-site scripting attacks depending on conditions. A proof of concept exploit has been created which attempts to reset the password on affected devices.
The vulnerability and above mentioned exploit were originally posted to BugTraq on November 28.
Although a patch is not currently availableCisco has provided several workarounds on the advisory page for the interim.
Info can be found www.securityfocus.com/brief/70
Workaround found www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
Bugtraq Posting from November found here www.securityfocus.com/archive/1/417916
More information can be found on the page of poc.
Cheers..
~Pranav
The greatest pleasure in life is doing what people say you can not do..!!
18 years 11 months ago #11960
by jwj
-Jeremy-
Replied by jwj on topic Re: Unpatched flaw in cisco IOS
If you're running http server on a Cisco router...you're just asking for trouble anyways. 
-Jeremy-
Time to create page: 0.119 seconds