nanog mailing list archives
RE: Cisco IOS Vulnerability
From: Vandy Hamidi <vhamidi () insweb com>
Date: Mon, 2 Jul 2001 16:30:07 -0700
Does this vulnerability affect CatOS as well? I was under the impression it was just IOS devices. -=Vandy=- -----Original Message----- From: up () 3 am [mailto:up () 3 am] Sent: Friday, June 29, 2001 6:03 PM To: Larry Diffey Cc: nanog () merit edu Subject: Re: Cisco IOS Vulnerability On Fri, 29 Jun 2001, Larry Diffey wrote:
CERT and Cisco have issued a warning about a vulnerability in the Cisco IOS starting at version 11.3 and affecting all later versions. If your Cisco equipment is HTTP enabled and you're not using TACACS+ or RADIUS for authentication it is vulnerable to complete takeover. The hack is very simple.
Yeah, well who enables httpd on their Ciscos, anyway? Wait a sec, the Catalysts have this enabled by default... James Smallacombe PlantageNet, Inc. CEO and Janitor up () 3 am http://3.am =========================================================================
Current thread:
- RE: Cisco IOS Vulnerability Vandy Hamidi (Jul 02)