A vulnerability exists in the HTTP server in Cisco products that run Cisco IOS Software versions 11.0 through 12.4. The HTTP server dynamically generates code that could be manipulated to execute commands against the device and might allow cross-site scripting attacks. Cisco published an advisory, "IOS HTTP Server Command Injection Vulnerability," which explains that a working exploit already exists and recommends that administrators disable the HTTP server on affected devices until a patch is available.
0 comments
Hide comments