Cisco IOS May Allow Unauthorized Access

Cisco IOS May Allow Unauthorized Access
Reported August 24, 1998 by Cisco Systems

VERSIONS AFFECTED

• Cisco IOS software versions 9.1 and later

DESCRIPTION

Cisco Systems has revealed a problem with their IOS software, version 9.1 and later, where unauthorized users may be able to gain access to the router. Reports of sporadic router crashes led Cisco to discovering the problem, which affects many of their routers with model numbers ranging from 1000 and above. This definitely includes the 7000 and 12000 series models. According to their field service bulletin, with knowledge of IOS, an intruder could readily crash a router without having to logon first, and leave no trace in a system log.

SOLUTION

Cisco says a patch is available.

Some versions of the 11.X IOS software have been corrected -- according to Cisco, the first regular release, 11.0.21 will contain the fix as well. That version is due in September of 98.

Cisco says software upgrades are available free to all, regardless of contract status. If a change in hardware is required, Cisco will negotiate on a case-by-case basis.

Prudent network administrators can work around the problem by applying appropriate access control lists to all terminal access methods.