Cisco warns of IOS, OpenSSL flaws - Philadelphia Conshohocken Delaware Valley PA USA
Netforcement Header
Spacer Services Security Resources Case Studies About Contact Us

Cisco warns of IOS, OpenSSL flaws

12-05-05


(Philadelphia & Conshohocken, PA)

This security advisory applies to all Cisco products that run Cisco IOS Software versions 11.0 through 12.4 with the HTTP server enabled. A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco Security Advisory IOS HTTP Server Command Injection Vulnerability


Cisco also acknowledged that several of its products are affected by an OpenSSL flaw.

Cisco Security Notice Response to OpenSSL - Potential SSL 2.0 Rollback





BACK to the Netforcement News Page.

REQUEST MORE INFORMATION On how Netforcement can help you secure the integrity of your network.

 
610.260.9989 | Request Info Privacy & Security Site Map | © 2006 Netforcement   
Footer1
Home Page Customer Login PGP Keys