IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

cloud computing key on keyboard

Cloud Computing

Building Resilient Cloud Architectures for Post-Disaster IT Recovery Building Resilient Cloud Architectures for Post-Disaster IT Recovery

byIndustry Perspectives

Nov 20, 2024

8 Min Read

Chris Aniszczyk, CTO of the Cloud Native Computing Foundation

Cloud Computing

KubeCon 2024: Innovations and Milestones Shape Future of Cloud-Native Tech KubeCon 2024: Innovations and Milestones Shape Future of Cloud-Native Tech

bySean Michael Kerner

Nov 18, 2024

5 Min Read

Recent in OS

See All OS

empty cockpit of autonomous car

Operating Systems

What Is a Real-Time Operating System, and Who Needs One?What Is a Real-Time Operating System, and Who Needs One?

byChristopher Tozzi

Mar 5, 2024

6 Min Read

cubes with arrows and checkmarks illustrating a validation process

PowerShell

PowerShell Parameter Validation: Ensuring Valid Input for Functions PowerShell Parameter Validation: Ensuring Valid Input for Functions

byBrien Posey

Feb 20, 2024

4 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

jobs key on keyboard

Career Management

IT Jobs Outlook 2025: Evolving Skills, AI, Workplace Flexibility Will Shape IT Workforce IT Jobs Outlook 2025: Evolving Skills, AI, Workplace Flexibility Will Shape IT Workforce

byNathan Eddy

Nov 20, 2024

8 Min Read

the letters ITSM behind a screwdriver and wrench

IT Management

SolarWinds Report Reveals Surprising Trends in ITSM Efficiency SolarWinds Report Reveals Surprising Trends in ITSM Efficiency

bySean Michael Kerner

Nov 14, 2024

4 Min Read

Career

Recent in Career

See All Career Mgmt

jobs key on keyboard

Career Management

IT Jobs Outlook 2025: Evolving Skills, AI, Workplace Flexibility Will Shape IT Workforce IT Jobs Outlook 2025: Evolving Skills, AI, Workplace Flexibility Will Shape IT Workforce

byNathan Eddy

Nov 20, 2024

8 Min Read

Amazon’s HQ2 campus in Arlington, Virginia

Career Management

Amazon Makes It Harder for Disabled Employees to Work From Home Amazon Makes It Harder for Disabled Employees to Work From Home

byBloomberg News

Nov 13, 2024

4 Min Read

Storage

Recent in Storage

See All Data Storage

A silver and gray cloud data protection icon showing a cloud with a lock inside of it.

Data Backup

Data Protection Is Critical in the Multi-Cloud Data Protection Is Critical in the Multi-Cloud

byBrandon Taylor

Oct 31, 2024

5 Min View

mainframe

IT Infrastructure

Mainframe Technology Is Far From Obsolete Mainframe Technology Is Far From Obsolete

byIndustry Perspectives

Oct 24, 2024

4 Min Read

Security

Recent in Security

See All IT Security

artwork showing fingerprint and binary code

Regulatory Compliance

Why Future-proofing Cybersecurity Regulatory Frameworks Is Essential Why Future-proofing Cybersecurity Regulatory Frameworks Is Essential

byIndustry Perspectives

Nov 12, 2024

6 Min Read

above hands typing on a keyboard there is an alert icon surrounded by binary code

Vulnerabilities & Threats

Cybersecurity Developments & Priorities: November 2024 Cybersecurity Developments & Priorities: November 2024

byITPro Today Staff

Nov 5, 2024

4 Min Read

Dev

Recent in Dev

See All Software Dev

software developer working at his workstation

Software Development

From Declarative to Iterative: How Software Development Is Evolving From Declarative to Iterative: How Software Development Is Evolving

byLisa Morgan, InformationWeek

Nov 18, 2024

1 Min Read

artwork showing fingerprint and binary code

Regulatory Compliance

Why Future-proofing Cybersecurity Regulatory Frameworks Is Essential Why Future-proofing Cybersecurity Regulatory Frameworks Is Essential

byIndustry Perspectives

Nov 12, 2024

6 Min Read

Recent in DX

See All Digital Transformation

the microsoft hololens glasses on display

Digital Transformation

What Comes After HoloLens 2? Exploring Microsoft’s AR/VR Future What Comes After HoloLens 2? Exploring Microsoft’s AR/VR Future

byBrien Posey

Nov 15, 2024

3 Min Read

a 3d printer in the process of printing an object

Digital Transformation

How To Repair Corrupt STL Files for 3D Printing How To Repair Corrupt STL Files for 3D Printing

byIndustry Perspectives

Nov 14, 2024

3 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

AIOps

Ops and More

Transforming Enterprise Networks With AIOps: A New Era of Intelligent Connectivity Transforming Enterprise Networks With AIOps: A New Era of Intelligent Connectivity

byForrester Blog Network

Nov 11, 2024

4 Min Read

mainframe

IT Infrastructure

Mainframe Technology Is Far From Obsolete Mainframe Technology Is Far From Obsolete

byIndustry Perspectives

Oct 24, 2024

4 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Cisco Cloud
Cloud Computing
Private Cloud

Cisco IOS HTTP Authorization Vulnerability

A Vulnerability exists in Cisco’s Internetwork Operating System HTTP server that allows an unauthorized user to bypass authentication and exercise complete control over the device by sending a crafted URL.

Ken Pfeil

July 13, 2001

2 Min Read

Reported June 27, 2001, by CiscoSystems.

VERSIONS AFFECTED

AllCisco Products using the Internetwork Operating System release 11.3 or later,including (but not limited to):

800, 1000, 1005, 1400, 1600, 1700, 2500, 2600, 3600, MC3810, 4000, 4500, 4700, 6200, 6400 NRP, 6400 NSP series Cisco routers
ubr900 and ubr920 universal broadband routers
Catalyst 2900 ATM, 2900XL, 2948g, 3500XL, 4232, 4840g, 5000 RSFC series switches
5200, 5300, 5800 series access servers
Catalyst 6000 MSM, 6000 Hybrid Mode, 6000 Native Mode, 6000 Supervisor Module, Catalyst ATM Blade
RSM, 7000, 7010, 7100, 7200, ubr7200, 7500, 10000 ESR, and 12000 GSR series Cisco routers
DistributedDirector
Catalyst 8510CSR, 8510MSR, 8540CSR, 8540MSR series switches

DESCRIPTION
Avulnerability exists in Cisco’s Internetwork Operating System HTTP server thatlets an unauthorized user bypass authentication and exercise complete controlover the device by sending a crafted URL. An attacker can exploit thisvulnerability only by using a local database for authentication (with usernamesand passwords being defined on the device itself). Although using the same URLwould not be effective against every Cisco Internet Operating System softwareand hardware combination, 84 different combinations are possible.

VENDOR RESPONSE

Ciscohas issued a noticeregarding this vulnerability. To work around this problem, users can disable the HTTP server on the router, or use another authentication method (e.g., RADIUS). The company recommends that users obtain a firmware upgrade through the Software Center on Cisco's Website or through Cisco's distribution channels.

CREDIT
Discovered by Cisco Systems.

About the Author

Ken Pfeil

See more from Ken Pfeil

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

the interface of the PowerShell search tool with a hand holding a magnifying glass on a background of a blue sky and clouds in the shape of gears

PowerShell

How I Built My Own PowerShell Multi-File Search Tool

Oct 22, 2024

burnout gif featuring a mannequin surrounded by office technology on fire

Career Tips

Am I Burned Out? How To Identify and Address Burnout in IT

Oct 24, 2024

MLOps

Ops and More

Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?

Oct 23, 2024

Exclusive ITPro Resources

BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster Recovery
Oct 10, 2024
|
1 Min Read
ITPro Today’s 2024 IT Priorities Report
Sep 25, 2024
|
1 Min Read
Tech Careers: Quick Reference Guide to IT Job Titles
Sep 13, 2024
|
1 Min Read
Migrating From VMware: Guide to a Successful Transition
Sep 3, 2024
|
1 Min Read