Cisco fixes fresh flaws in IOS


SearchSecurity.com Staff
Cisco Systems has fixed a pair of flaws in its Internetwork Operating System (IOS) that attackers could exploit to cause a denial of service or tamper with data in a device's file system.

The IOS improperly verifies user credentials within the FTP server, Cisco said in an advisory. Remote attackers could exploit this to "bypass the authentication process and retrieve or write any file from the device file system (including the configuration file)," the networking giant added. Also, an error in the FTP server surfaces when certain files are transferred. Remote attackers could use the error to cause a vulnerable device to reload, creating a denial-of-service condition.

The flaws affect Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4.

However, the IOS FTP server is an optional service disabled by default, Cisco noted. Devices that are not specifically configured to enable the IOS FTP server service are unaffected by the flaws.

Cisco has released a fix for the problems
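An added example, not part of the original article or Cisco's advisory: a Python check over saved running-configs that flags devices where the optional FTP server is turned on and the `version` line falls in one of the trains listed above. It assumes the service appears as the IOS configuration line `ftp-server enable`; the hostnames and config excerpts are constructed, and a flag only means the device should be checked against Cisco's fixed releases.

```python
import re

# Release trains the article lists as affected.
AFFECTED_TRAINS = {"11.3", "12.0", "12.1", "12.2", "12.3", "12.4"}
VERSION_RE = re.compile(r"^version\s+(\d+\.\d+)\b")
# Assumption: the FTP server is enabled by this configuration line.
FTP_RE = re.compile(r"^ftp-server\s+enable\s*$")

# Constructed running-config excerpts (hostnames and contents are made up).
SAMPLES = {
    "edge-rtr-1": "version 12.4\nhostname edge-rtr-1\n!\nftp-server enable\nftp-server topdir flash:\n",
    "core-sw-1": "version 12.2\nhostname core-sw-1\n!\nno ftp-server enable\n",
    "lab-rtr-9": "hostname lab-rtr-9\n ftp-server enable\n",
    "new-rtr-2": "version 15.1\nhostname new-rtr-2\nftp-server enable\n",
}


def audit_config(text):
    """Report the IOS train and whether the optional FTP server is enabled."""
    train, ftp_enabled = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # skip blanks and comments
            continue
        m = VERSION_RE.match(line)
        if m and train is None:
            train = m.group(1)
        elif FTP_RE.match(line):               # "no ftp-server enable" does not match
            ftp_enabled = True
    # An unknown train is treated as in scope so a truncated config is not missed.
    in_scope = train is None or train in AFFECTED_TRAINS
    return {"train": train, "ftp_server_enabled": ftp_enabled,
            "needs_review": ftp_enabled and in_scope}


def devices_to_review(configs):
    """Return the sorted names of devices whose config needs follow-up."""
    return sorted(n for n, c in configs.items() if audit_config(c)["needs_review"])


if __name__ == "__main__":
    for name in devices_to_review(SAMPLES):
        print(name, audit_config(SAMPLES[name]))
```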

