Cisco router bug threatens Net security

By Matthew Broersma
Monday, July 02, 2001 10:45 AM
Cisco Systems and CERT, the security advisory organization, have warned of a bug in Cisco routers and switches. The glitch could give a hacker the ability to disrupt Internet traffic or intercept sensitive information.

The bug, revealed last Thursday, allows a malicious user to gain control of any Cisco router running IOS software. The bug affects all releases of the software, which controls most of Cisco's products, beginning with version 11.3. The bug affects "virtually all" mainstream Cisco routers and switches running IOS.

The vulnerability requires little skill to exploit: A malicious user can simply send a crafted URL and commands will be executed on the router or switch.

The bug allows an attacker to take control of routers at the highest level--level 15--without authorization. Routers are devices that control how data moves around the Internet; with such unauthorized control, hackers can stop Internet traffic, intercept information such as passwords and credit card numbers, or redirect traffic bound for one Web site to another.

Cisco said that when an HTTP server is enabled and users are authorized from a local database, it is possible for a hacker to bypass authentication and exercise complete control over the router.

The company is recommending that HTTP servers on routers be disabled. The problem can also be sidestepped by using Terminal Access Controller Access Control System (TACACS+) or RADIUS systems for authentication instead of a local database.

According to Cisco, the crafted URL used to exploit the bug takes the form http:///level/xx/exec/...., where xx is a number between 16 and 99.

The same URL will not be effective on every device, depending on the combination of hardware and software releases. But since there are only 84 combinations to try, they could all be tested in a short space of time, Cisco said.

Cisco said it has not had any reports of the bug being exploited. It was originally reported by independent users.

The company said it is providing a software upgrade to fix the problem, which will be available on its Web site.
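For defenders reviewing web or proxy logs in front of affected devices, the URL form Cisco describes gives a simple detection rule. The following is an added example, not code from Cisco, CERT or the article: it flags requests whose path starts with /level/xx/exec/ for xx between 16 and 99 and lists sources that step through several levels. The log format, addresses, path suffix "x", function names and the three-level threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format). Addresses come from
# documentation ranges and the path suffix "x" is a placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jul/2001:10:00:01 +0000] "GET /level/15/exec/x HTTP/1.0" 401 0
198.51.100.7 - - [02/Jul/2001:10:00:02 +0000] "GET /level/16/exec/x HTTP/1.0" 404 0
198.51.100.7 - - [02/Jul/2001:10:00:02 +0000] "GET /level/17/exec/x HTTP/1.0" 404 0
198.51.100.7 - - [02/Jul/2001:10:00:03 +0000] "GET /level/18/exec/x HTTP/1.0" 200 512
203.0.113.5 - - [02/Jul/2001:10:00:04 +0000] "GET /level/99/exec/x HTTP/1.0" 200 512
203.0.113.5 - - [02/Jul/2001:10:00:05 +0000] "GET /level/100/exec/x HTTP/1.0" 404 0
203.0.113.5 - - [02/Jul/2001:10:00:06 +0000] "GET /index.html HTTP/1.0" 200 99
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')
PATH = re.compile(r'^/level/(\d+)/exec/')

def suspicious_requests(log_text):
    """Map each source to the levels 16-99 it requested and those answered 200."""
    found = defaultdict(lambda: {"levels": set(), "hits": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        src, _method, path, status = m.groups()
        p = PATH.match(path)
        if not p:
            continue
        level = int(p.group(1))
        if not 16 <= level <= 99:  # 0-15 are ordinary IOS privilege levels
            continue
        found[src]["levels"].add(level)
        if status == "200":  # assumption: a 200 here deserves priority review
            found[src]["hits"].add(level)
    return {s: {k: sorted(v) for k, v in d.items()} for s, d in found.items()}

def sweeping_sources(report, min_levels=3):
    """Sources that tried several distinct levels, as a sweep of the range would."""
    return sorted(s for s, d in report.items() if len(d["levels"]) >= min_levels)

if __name__ == "__main__":
    report = suspicious_requests(SAMPLE_LOG)
    print(report, sweeping_sources(report))
```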

