Cisco IOS HTTP Authorization Vulnerability Cisco IOS HTTP Authorization Vulnerability

High Performance Computing

Sep 17, 2024

4 Min Read

AI chip

GPU Costs Aren't Infinitely Scalable — What Can Be Done?GPU Costs Aren't Infinitely Scalable — What Can Be Done?

stacks of blocks in digital environment

Sep 13, 2024

4 Min Read

Recent in OS

See All OS

Linux OS

Top 10 Stories About Compute Engines, Linux of 2024 So Far Top 10 Stories About Compute Engines, Linux of 2024 So Far

byITPro Today Staff

Jul 17, 2024

3 Min Read

empty cockpit of autonomous car

Operating Systems

What Is a Real-Time Operating System, and Who Needs One?What Is a Real-Time Operating System, and Who Needs One?

4 different colored figures standing on different sized piles of coins

Mar 5, 2024

6 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists 6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists

byJoe Milan

Sep 19, 2024

9 Min Read

"AI" in front of code

Creating an Enterprise AI Stack: Key Considerations for Enterprises Creating an Enterprise AI Stack: Key Considerations for Enterprises

4 different colored figures standing on different sized piles of coins

Sep 18, 2024

6 Min Read

Career

Recent in Career

See All Career Mgmt

6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists 6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists

byJoe Milan

Sep 19, 2024

9 Min Read

ITPro Today's tech careers quick reference guide cover

Career Management

Tech Careers: Quick Reference Guide to IT Job Titles Tech Careers: Quick Reference Guide to IT Job Titles

a moving cloud shape with the words object storage inside

Sep 13, 2024

1 Min Read

Storage

Recent in Storage

See All Data Storage

Data Storage

Maximize Cloud Efficiency: What Is Object Storage?Maximize Cloud Efficiency: What Is Object Storage?

byBrien Posey

Sep 10, 2024

7 Min Read

an AI processor chip in a cube

A Guide to Storage for AI Workloads A Guide to Storage for AI Workloads

list of domains within the umbrella category of IT security

Sep 9, 2024

4 Min Read

Security

Recent in Security

See All IT Security

IT Security

What Is IT Security? Essentials of IT Security Explained What Is IT Security? Essentials of IT Security Explained

byBrien Posey

Sep 16, 2024

7 Min Read

code-filled DevOps symbol in front of more code

DevOps

Unlock Business Value Through Effective DevOps Infrastructure Management Unlock Business Value Through Effective DevOps Infrastructure Management

continuous glucose monitor on a smartphone app

Sep 6, 2024

7 Min Read

Dev

Recent in Dev

See All Software Dev

Unlocking the Power of AI and ML to Improve Remote Patient Monitoring Unlocking the Power of AI and ML to Improve Remote Patient Monitoring

brown paper peeled back to reveal the word "accessibility?

Sep 9, 2024

6 Min Read

IT Operations

Building an Accessible Future in the Private Sector Building an Accessible Future in the Private Sector

See All Digital Transformation

Sep 3, 2024

5 Min Read

Recent in DX

continuous glucose monitor on a smartphone app

Unlocking the Power of AI and ML to Improve Remote Patient Monitoring Unlocking the Power of AI and ML to Improve Remote Patient Monitoring

an AI processor chip in a cube

Sep 9, 2024

6 Min Read

A Guide to Storage for AI Workloads A Guide to Storage for AI Workloads

High Performance Computing

Sep 9, 2024

4 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

AI chip

GPU Costs Aren't Infinitely Scalable — What Can Be Done?GPU Costs Aren't Infinitely Scalable — What Can Be Done?

stacks of blocks in digital environment

Sep 13, 2024

4 Min Read

Linux OS

Top 10 Stories About Compute Engines, Linux of 2024 So Far Top 10 Stories About Compute Engines, Linux of 2024 So Far

byITPro Today Staff

Jul 17, 2024

3 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Cisco Cloud
Cloud Computing
Private Cloud

Cisco IOS HTTP Authorization Vulnerability

A Vulnerability exists in Cisco’s Internetwork Operating System HTTP server that allows an unauthorized user to bypass authentication and exercise complete control over the device by sending a crafted URL.

Ken Pfeil

July 13, 2001

2 Min Read

Reported June 27, 2001, by CiscoSystems.

VERSIONS AFFECTED

AllCisco Products using the Internetwork Operating System release 11.3 or later,including (but not limited to):

800, 1000, 1005, 1400, 1600, 1700, 2500, 2600, 3600, MC3810, 4000, 4500, 4700, 6200, 6400 NRP, 6400 NSP series Cisco routers
ubr900 and ubr920 universal broadband routers
Catalyst 2900 ATM, 2900XL, 2948g, 3500XL, 4232, 4840g, 5000 RSFC series switches
5200, 5300, 5800 series access servers
Catalyst 6000 MSM, 6000 Hybrid Mode, 6000 Native Mode, 6000 Supervisor Module, Catalyst ATM Blade
RSM, 7000, 7010, 7100, 7200, ubr7200, 7500, 10000 ESR, and 12000 GSR series Cisco routers
DistributedDirector
Catalyst 8510CSR, 8510MSR, 8540CSR, 8540MSR series switches

DESCRIPTION
Avulnerability exists in Cisco’s Internetwork Operating System HTTP server thatlets an unauthorized user bypass authentication and exercise complete controlover the device by sending a crafted URL. An attacker can exploit thisvulnerability only by using a local database for authentication (with usernamesand passwords being defined on the device itself). Although using the same URLwould not be effective against every Cisco Internet Operating System softwareand hardware combination, 84 different combinations are possible.

VENDOR RESPONSE

Ciscohas issued a noticeregarding this vulnerability. To work around this problem, users can disable the HTTP server on the router, or use another authentication method (e.g., RADIUS). The company recommends that users obtain a firmware upgrade through the Software Center on Cisco's Website or through Cisco's distribution channels.

CREDIT
Discovered by Cisco Systems.

About the Author

Ken Pfeil

See more from Ken Pfeil

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

a stressed employee at their laptop and collaboration icons gone amok

Unified Communications

Microsoft Teams Is Acting Up. What Can We Do?Microsoft Teams Is Acting Up. What Can We Do?

byBrien Posey

Sep 12, 2024

4 Min Read

person placing a block between two columns of blocks