Cisco fixes fresh flaws in IOS

News

Cisco fixes fresh flaws in IOS

SearchSecurity.com Staff
Cisco Systems has fixed a pair of flaws in its Internetwork Operating System (IOS) that attackers could exploit to cause a denial of service or tamper with data in a device's file system.

The IOS improperly verifies user credentials within the FTP server, Cisco said in an advisory. Remote attackers could exploit this to "bypass the authentication process and retrieve or write any file from the device file system (including the configuration file)," the networking giant added. Also, an error in the FTP server surfaces when certain files are transferred. Remote attackers could use the error to cause a vulnerable device to reload, creating a denial-of-service condition.

The flaws affect Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4.

However, the IOS FTP server is an optional service disabled by default, Cisco noted. Devices that are not specifically configured to enable the IOS FTP server service are unaffected by the flaws.

Cisco has released a fix for the problems


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy