Cisco WebNS Management Software Allows Unauthenticated Access

Reported May 31, 2001, by Cisco Systems.

VERSIONS AFFECTED

  • All Cisco CSS 11000 series (formerly known as Arrowpoint) switches running WebNS software versions earlier than 4.01B29s and 4.10B17s, including CSS 11050, CSS 11150, and CSS 11800 hardware platform switches

DESCRIPTION
If a user bookmarks the URL to which the Web management interface redirects after the initial authentication, that URL can be accessed at any time in the future without reauthenticating.

VENDOR RESPONSE

Cisco has issued an advisory regarding this vulnerability. Cisco recommends that users running the above-listed WebNS software versions upgrade to versions 4.01B29s or 4.10B17s, available through regular support channels. As a workaround, Cisco recommends either disabling the Web management interface on the switch or applying access control as specified in the following documents:

  • http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/bsccfggd/profiles.htm
  • http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/advcfggd/sgacleql.htm

CREDIT
Discovered by Cisco.
