Cisco IOS HTTP Server Vulnerable to Arbitrary Command Execution and Cross-Site Scripting Attacks

A vulnerability exists in the HTTP server in Cisco products that run Cisco IOS Software versions 11.0 through 12.4. The HTTP server dynamically generates code that could be manipulated to execute commands against the device and might allow cross-site scripting attacks. Cisco published an advisory, "IOS HTTP Server Command Injection Vulnerability," which explains that a working exploit already exists and recommends that administrators disable the HTTP server on affected devices until a patch is available.
