Reported July 11, 2001, by Cisco Systems.
Cisco SN 5420 Storage Router software 1.1(3) and earlier
Two vulnerabilities exist in the Cisco SN 5420 Storage Router software. The first vulnerability lets an attacker cause a Denial of Service (DoS) condition by rapidly establishing connections to TCP port 8023 to reboot the device. The second vulnerability lets an unauthorized user log on to the developer's shell by using rlogin or the management interface. With this low-level access to the device, the attacker can execute debug commands, start and stop processes, and interfere with process execution.
Cisco has issued a notice regarding this vulnerability. The company recommends that users obtain a firmware upgrade through the Software Center on Cisco's Web site or through Cisco's distribution channels.
Discovered by Cisco Systems.