RE: Cisco IOS Vulnerability

From: Vandy Hamidi (no email)
Date: Mon Jul 02 2001 - 19:30:07 EDT

• Next message: Daniel Golding: "RE: Getting an AS and /18"
• Previous message: Marius Strom: "Re: Getting an AS and /18"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Does this vulnerability affect CatOS as well? I was under the impression it
was just IOS devices.

        -=Vandy=-

-----Original Message-----
From: [mailto:]
Sent: Friday, June 29, 2001 6:03 PM
To: Larry Diffey
Cc:
Subject: Re: Cisco IOS Vulnerability

On Fri, 29 Jun 2001, Larry Diffey wrote:

> CERT and Cisco have issued a warning about a vulnerability in the
> Cisco IOS starting at version 11.3 and affecting all later versions.
>
> If your Cisco equipment is HTTP enabled and you're not using TACACS+
> or RADIUS for authentication it is vulnerable to complete takeover.
> The hack is very simple.

Yeah, well who enables httpd on their Ciscos, anyway? Wait a sec, the
Catalysts have this enabled by default...

James Smallacombe PlantageNet, Inc. CEO and Janitor
                                                            http://3.am
=========================================================================

• Next message: Daniel Golding: "RE: Getting an AS and /18"
• Previous message: Marius Strom: "Re: Getting an AS and /18"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]