Cisco Warns of Flaw in Routers

Cisco Systems Inc. today issued an alert
warning of a serious security flaw in many of its Internet routers,
pricey devices that direct a large portion of the world's Web and
e-mail traffic. Cisco said attackers could use the flaw to seize
control over vulnerable routers.

This report comes from Security Fix, but several sites have picked it up.  C|Net adds some more details:

The vulnerability disclosed on Wednesday doesn't affect all
versions of IOS, Cisco said. Furthermore, the vulnerability exists only
if the Firewall Authentication Proxy for FTP and Telnet Sessions is in
use, Cisco said. That component of IOS handles authentication requests
for file transfer and telnet sessions.

Affected are those devices running IOS versions 12.2ZH and
12.2ZL, 12.3, 12.3T, 12.4 and 12.4T, Cisco said. Users can log on to
their Cisco device and enter the “show version” command to determine
which version of IOS it is running, Cisco said. The company rates the
issue as a “medium” urgency.

Symantec advises users who can't install the patch immediately to
disable the Firewall Authentication Proxy for FTP and Telnet Sessions
or limit access to the service to trusted hosts and networks.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s