Cisco bug could let hackers control Net traffic

Cisco Systems and an Internet security watchdog warn of a bug in the networking hardware maker's routers that could allow hackers to disrupt Web traffic or intercept information.

CNET News staff
2 min read
LONDON--Networking hardware maker Cisco Systems and the Computer Emergency Response Team (CERT) Coordination Center have warned of a bug in Cisco routers that could allow hackers to disrupt Internet traffic or intercept sensitive information.

The bug, revealed Thursday, allows an attacker to gain control of any Cisco router running certain operating software. Routers are devices that control how data moves around the Internet. Malicious attackers could stop Internet traffic, intercept information such as passwords and credit card numbers, or redirect traffic from Web sites.

The vulnerability allows a person to take control of the router without authorization. It affects "virtually all" mainstream Cisco routers and switches running Cisco's proprietary operating software, known as IOS.

"This access allows a remote attacker to inspect or change the configuration of the device, effectively allowing complete control," Internet security watchdog CERT wrote in an advisory Thursday.

Cisco said the vulnerability is caused by a flaw in the Web-server embedded in its routers that allow administrators to remotely control the devices via the Internet. As a result, it is possible to bypass authentication and exercise complete control over the router. The vulnerability requires little skill to exploit: an attacker can simply send a crafted URL, and commands will be executed on the router.

Cisco is recommending that these internal Web servers be disabled. The company is providing a software upgrade and a "workaround" to fix the problem, which will be available on its Web site.

Cisco said it has not had any reports of the bug being exploited. The bug originally was reported by independent consumers.

"We've had no reports by customers of active exploitation of these vulnerabilities," a Cisco spokeswoman confirmed in an e-mail interview. "The vulnerabilities have been or are in the process of being fixed, and the security advisories are being shared with customers."

Staff writer Matthew Broersma reported from London.