Home / Cisco patches system flaws

Cisco patches system flaws

Networking giant Cisco has fixed flaws in the software that runs the majority of the firm's routers and switches.

Networking giant Cisco has fixed flaws in the software that runs the majority of the firm's routers and switches.

The vendor's advisory said the vulnerabilities affect the IOS (Internetworking Operating System) FTP server feature and, if exploited, could give remote attackers the ability to bypass authentication, access passwords from device file systems and launch malicious code attacks.

"Unauthorised users could retrieve the device's startup-config file from the filesystem," Cisco said. "This file may contain information that could allow the attacker to gain escalated privileges."

The IOS FTP Server bug is triggered when files are being transferred through the device by FTP, which could give attackers a means of launching denial-of-service attacks.

However, the impact of the vulnerabilities is mitigated somewhat as the feature isn't enabled by default, Cisco said.

Cisco has released a fix that disables the IOS FTP server feature.