“It has been identified a vulnerability in the Cisco IOS Web Server. An attacker can inject arbitrary code in some of the dynamically generated web pages. To succesfully exploit the vulnerability the attacker only needs to know the IP of the Cisco. THERE’S NO NEED TO HAVE ACCESS TO THE WEB SERVER! Once the code has been inyected, attacker must wait until the admin browses some of the affected web pages.”

This appears to be a posting by someone, with very poor english, who has found a new vulnerability in Cisco IOS. This has not yet been confirmed, but if you are using HTTP to manage your Cisco equipment you should switch to SSH. So many organizations still use TELNET to manage their network infrastructure. This greatly contributes to the “Hard outside, soft and chewy inside” theory of network security.
TELNET + Enable = Bad

Partial Advisory


About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industries finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.