Cisco routers suffer HTTP security flaw


Antony Savvas

Security researchers have reported a vulnerability in the web server code of Cisco’s main router operating system.

The flaw affects Cisco’s Internetwork Operating System (IOS) used in the majority of Cisco’s routers and switches.

The flaw potentially allows remote attackers armed with only the IP address of the router to gain administrative control of a router or run arbitrary code on networks.

The threat has been reported by both the Secunia and SecurityFocus internet security firms.

Using the opening, attackers can potentially view the contents of a router’s memory, otherwise known as a memory dump. This can be used to gain administrator privileges.

Only Cisco routers running the IOS HTTP server software are affected. IOS HTTP is used as a less complicated way to implement and manage Cisco routers, as it is an alternative to text-based command line instructions.

Cisco routers with IOS software versions 11.0 and higher are vulnerable, as they ship with the HTTP server software.

The HTTP server feature is not enabled by default in most IOS versions installed on routers, although companies may find that their reseller or integrator has switched on the software.
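Because the feature may have been switched on by a third party, one way to check is to audit saved running-configs, shown here as an added example that is not from the article or from Cisco. It assumes the standard IOS `version X.Y` and `ip http server` / `no ip http server` configuration lines; the device names and config text are constructed.

```python
import re

# Constructed sample running-configs; hostnames and contents are illustrative.
SAMPLE_CONFIGS = {
    "edge-rtr-1": "version 12.2\nhostname edge-rtr-1\n!\nip http server\n!\nend\n",
    "core-sw-1": "version 12.1\nhostname core-sw-1\n!\nno ip http server\n!\nend\n",
    "lab-rtr-9": "version 10.3\nhostname lab-rtr-9\n!\nend\n",
    "branch-rtr-4": "version 12.0\nhostname branch-rtr-4\n!\nend\n",
}

VERSION_RE = re.compile(r"^version[ \t]+(\d+)\.(\d+)", re.MULTILINE)
# Matches only the plain HTTP server line, with or without a leading "no".
HTTP_RE = re.compile(r"^(no[ \t]+)?ip[ \t]+http[ \t]+server[ \t\r]*$", re.MULTILINE)
AFFECTED_FROM = (11, 0)  # the article: IOS 11.0 and higher ship the HTTP server


def audit_config(text):
    """Classify one saved running-config by HTTP server state and IOS version."""
    m = VERSION_RE.search(text)
    version = (int(m.group(1)), int(m.group(2))) if m else None

    # The last matching line wins, as it would when the config is replayed.
    state = "not-stated"
    for hit in HTTP_RE.finditer(text):
        state = "disabled" if hit.group(1) else "enabled"

    in_range = version is not None and version >= AFFECTED_FROM
    if state == "enabled":
        # Version missing or below 11.0 needs a manual look.
        verdict = "exposed" if in_range else "check-version"
    elif state == "disabled" or (version is not None and not in_range):
        verdict = "ok"
    else:
        # No explicit line: the effective setting is the release default,
        # which the config text alone does not reveal.
        verdict = "verify-on-device"
    return {"version": version, "http_server": state, "verdict": verdict}


def audit_all(configs):
    """Return {device: result} for every config supplied."""
    return {name: audit_config(text) for name, text in configs.items()}


if __name__ == "__main__":
    for name, result in sorted(audit_all(SAMPLE_CONFIGS).items()):
        print(f"{name:14} {result['http_server']:11} {result['verdict']}")
```

A `verify-on-device` result means the config carries no explicit line either way, so the setting has to be confirmed on the router itself.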

Cisco says it is aware of the potential threat and is considering whether to issue a patch.

