This article is more than 1 year old

How to own a Cisco router in one easy step

Small biz most at risk from IOS vulnerability

A potentially serious security flaw involving the Web administration tool used by Cisco routers has come to light.

The networking giant has issued a security notice warning that the HTTP server component of its Cisco IOS system software could allow a cracker to take control of a router and change its configuration.

Such an exploit normally involves network sniffing and the like, but this bug could be exploited to own someone's Cisco boxes using only a Web browser. Nasty.

It's been discovered that by sending a crafted URL (in the format http://<device_addres>/level/xx/exec...), a cracker can bypass authentication controls and execute any command, even those that can only be applied with special privileges, on a router.

In its security noticeon the subject, Cisco admitted, "when HTTP server is enabled and local authorisation is used, it is possible, under some circumstances, to bypass the authentication and execute any command on the device."

"In that case, the user will be able to exercise complete control over the device," it added.

The vulnerability was reported independently to Cisco by two security consultants and by management consultancy Ernst & Young. Cisco has stated it knows of no cases of malicious exploitation of the vulnerability.

All releases of Cisco IOS software, starting with release 11.3 and later, are vulnerable to the bug. This means virtually all mainstream Cisco routers and switches running Cisco IOS software are potentially affected.

Cisco has promised to produce updated versions of its IOS software in order to address the problem.

In the meantime, Cisco has suggested a workaround that involves either disabling HTTP server on a router or using either Terminal Access Controller Access Control System (TACACS+) or Radius for authentication.

Roy Hills, technical director of security testing specialists NTA Monitor, said that larger firms generally use authentication servers already so that, in practice, smaller firms are most at risk from the bug.

HTTP server is rarely used as a configuration tool on LAN switches, said Hills, who added that a properly configured firewall should block access to such administrative services. ®

External Links

CERT: Cisco IOS HTTP Server Authentication Vulnerability
... and Cisco's notice

Related Stories

SSH hits the fan for Cisco on security
Multiple flaws in Cisco router software exposed
Cisco routers vulnerable to easy attack
Cisco 600 routers offer cracker fun
LDAP flap as passwords put at risk

More about

TIP US OFF

Send us news


Other stories you might like