News

Cisco routers suffer HTTP security flaw

Antony Savvas

Security researchers have reported a vulnerability in the web server code of Cisco’s main router operating system.

The flaw affects Cisco’s Internetwork Operating System (IOS) used in the majority of Cisco’s routers and switches.

Armed with only the IP address of the router, the flaw potentially allows remote attackers to gain administrative control of a router or run arbitrary code on networks.

The threat has been reported by both the Secunia and SecurityFocus internet security firms.

Using the opening, attackers can potentially view the data of a router’s memory, otherwise known as a memory dump. This can be used to gain administrator privileges.

Only Cisco routers running on IOS HTTP server software are affected. IOS HTTP is used as a less complicated way to implement and manage Cisco routers, as it is an alternative to text-based command line instructions.

Cisco routers with IOS software versions 11.0 and higher are vulnerable, as they ship with the HTTP server software.

The HTTP server feature is not enabled by default in most IOS versions installed on routers, although companies may find that their reseller or integrator has switched on the software.

Cisco says it is aware of the potential threat and is considering whether to issue a patch.


 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy