Vulnerability Puts Cisco, Users on Their Toes
Mike Lynn quit his job at ISS to give a Black Hat conference presentation on vulnerabilities in Cisco routers--vulnerabilities that you should watch for.
August 12, 2005
All drama aside, just how bad are these vulnerabilities?
Lynn showed how an attacker might use the router's IPv6 feature to take complete control of the router and redirect packets. The vulnerability in the code, which had already been patched, was thought to only allow a DoS (denial of service) attack at worst.
Lynn noted that the attack would require multiple variations for different Cisco hardware, making it a poor candidate for a worm. Cisco's IOS is more difficult to crack than a multipurpose OS, he said, but as Cisco begins to standardize IOS across hardware platforms, it could become more vulnerable.
Bottom line, all programmable IP devices can be exploited. So protect them when possible--and patch them with vigilance.
You May Also Like