nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Cisco IOS Vulnerability

From: Vandy Hamidi <vhamidi () insweb com>
Date: Mon, 2 Jul 2001 16:30:07 -0700 

Does this vulnerability affect CatOS as well?  I was under the impression it
was just IOS devices.

        -=Vandy=-

-----Original Message-----
From: up () 3 am [mailto:up () 3 am]
Sent: Friday, June 29, 2001 6:03 PM
To: Larry Diffey
Cc: nanog () merit edu
Subject: Re: Cisco IOS Vulnerability



On Fri, 29 Jun 2001, Larry Diffey wrote:


CERT and Cisco have issued a warning about a vulnerability in the
Cisco IOS starting at version 11.3 and affecting all later versions.

If your Cisco equipment is HTTP enabled and you're not using TACACS+
or RADIUS for authentication it is vulnerable to complete takeover.  
The hack is very simple.


Yeah, well who enables httpd on their Ciscos, anyway?  Wait a sec, the
Catalysts have this enabled by default...

James Smallacombe                     PlantageNet, Inc. CEO and Janitor
up () 3 am                                                          http://3.am
=========================================================================
Previous By Date Next
Previous By Thread Next

Current thread: