All the latest UK technology news, reviews and analysis

Cisco warns of IOS security flaws

by Shaun Nichols

11 May 2007

Be the first to comment

  • Tweet this
Cisco Systems
Cisco has warned of vulnerabilities in IOS 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4

Cisco Systems has warned administrators that several of the company's routers and switches could be vulnerable to attack. 

The vulnerabilities lie within a little-used component in IOS, an operating system used to control Cisco's networking hardware.

Further reading

IOS 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4 all contain the vulnerability. The latest version of the software, IOS XR, is not affected.

An attacker could remotely exploit flaws in the FTP Server component of IOS to break into a network and steal data or execute malicious code. FTP is a protocol used to transfer files over a network.

IOS FTP Server is not enabled by default, and is usually used only to manage FTP servers. Cisco has issued an update that disables the component, but users can also manually disable FTP Server within IOS.

Cisco said that the offending component will be removed in all future IOS releases and will possibly be replaced by new FTP software at a later date.

The company recommends users to switch to IOS Secure Copy or Trivial File Transfer Protocol systems to transfer files.

Secunia rated the vulnerability 'moderately critical', the third of its five severity levels. 

The security firm noted that, while the vulnerabilities allow attackers to view files and remotely execute code, the affected component is not enabled by default.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Security padlock image

Mykonos looks to thwart hacker intelligence with Web Security Software

Related white papers

Related videos

Related articles

Related jobs

Today's top stories

Cloud computing use is a major government IT strategy

Government departments face possibility of open source 'spot checks'

Samsung Galaxy S III running Android Ice Cream Sandwich

Samsung Galaxy S3 launch fails to attract iPhone-like crowds

hurricane-irene

American Express predicts online hurricane to blow big business away

Poll

Flame virus poll

Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?

30%

2%

14%

54%

Features

The V3 hotseat

The V3 Hot Seat: Imperva CTO and co-founder Amichai Shulman

Flame in monitor screen

Quick guide to Flame malware attack

cookies

Quick guide to cookie law compliance

cookie

ICO sends out mixed messages on cookie law

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Riso

Colour printing: why the bill keeps outstripping the budget

The wrong printers, for the wrong tasks on the wrong contracts

Qlikview

Magic quadrant for business intelligence platforms

Who leads the BI pack and who should we be watching out for?

Technology jobs

Project Manager (FATCA)

A client, a major financial services organisation, is...

Sharepoint Administrator, Birmingham, West Midlands

Sharepoint Administrator, Sharepoint 2010, Sharepoint...

PLC Control Engineers Wanted!

Proteus Europe, operating as an employment business...

Salesforce.com Senior and Leads

Salesforce.com Senior Consultants and Leads Salesforce...

To send to more than one email address, simply separate each address with a comma.