Cisco patches system flaws

Networking giant Cisco has fixed flaws in the software that runs the majority of the firm's routers and switches.

  • E-Mail
By  Administrator Published  May 17, 2007

Networking giant Cisco has fixed flaws in the software that runs the majority of the firm's routers and switches.

The vendor's advisory said the vulnerabilities affect the IOS (Internetworking Operating System) FTP server feature and, if exploited, could give remote attackers the ability to bypass authentication, access passwords from device file systems and launch malicious code attacks.

"Unauthorised users could retrieve the device's startup-config file from the filesystem," Cisco said. "This file may contain information that could allow the attacker to gain escalated privileges."

The IOS FTP Server bug is triggered when files are being transferred through the device by FTP, which could give attackers a means of launching denial-of-service attacks.

However, the impact of the vulnerabilities is mitigated somewhat as the feature isn't enabled by default, Cisco said.

Cisco has released a fix that disables the IOS FTP server feature.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code