Cisco router flaw threatens the security of the Net

Cisco Systems and CERT, the security consulting organization, have warned of a bug in Cisco routers and switches. The flaw could give a hacker the ability to disrupt Internet traffic or intercept confidential information.

The bug, revealed on Thursday, allows an attacker to take control of any Cisco router running IOS software. It affects all versions of the software, which controls most of Cisco's products, starting with version 11.3. The bug affects "virtually all" core routers and switches running Cisco IOS.

The vulnerability requires little skill to exploit: A malicious user can simply send a URL by hand and run commands on the router or switch.

The flaw allows an attacker to take control of routers at the highest privilege level, level 15, without authorization. Routers are devices that control how data moves around the Internet; by taking control of them, unauthorized hackers can stop Internet traffic, intercept information such as passwords and credit card numbers, or redirect traffic from one Web site to another.

Cisco said that when the HTTP server is enabled and users are authenticated against a local database, it is possible for a hacker to bypass authentication and exercise full control over the router.

The company recommends that the HTTP server be disabled on routers. The problem can also be worked around by using Terminal Access Controller Access Control System Plus (TACACS+) or RADIUS for authentication instead of a local database.
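A configuration audit for the two conditions and the workarounds described above, as an added example that is not from Cisco or the original article. It assumes the device's running-config is available as text and uses the IOS commands `ip http server` and `ip http authentication`; the sample configurations are constructed.

```python
import re

# Constructed sample configs (not taken from any real device).
EXPOSED = """\
version 12.1
hostname edge-rtr-1
username admin privilege 15 password 0 example
ip http server
ip http authentication local
"""
MITIGATED_AAA = """\
version 12.1
hostname edge-rtr-2
ip http server
ip http authentication tacacs
"""
MITIGATED_OFF = """\
version 12.0
hostname core-sw-1
no ip http server
ip http authentication local
"""

def audit(config: str) -> dict:
    """Report whether a running-config matches the conditions in the article."""
    http_enabled = False
    auth = "enable"  # assumption: method in effect when none is configured
    version = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            http_enabled = True
        elif line == "no ip http server":
            http_enabled = False
        elif m := re.fullmatch(r"ip http authentication (\S+).*", line):
            auth = m.group(1)
        elif m := re.fullmatch(r"version (\d+)\.(\d+)\S*", line):
            version = (int(m.group(1)), int(m.group(2)))
    # An unknown version is treated as in range so a finding is not hidden.
    in_range = version is None or version >= (11, 3)
    exposed = http_enabled and auth == "local" and in_range
    return {"http_server": http_enabled, "http_auth": auth,
            "version": version, "exposed": exposed}

if __name__ == "__main__":
    for name, cfg in [("exposed", EXPOSED), ("aaa", MITIGATED_AAA), ("off", MITIGATED_OFF)]:
        print(name, audit(cfg))
```

A device reported as `exposed` needs one of the two workarounds from the article: disable the HTTP server, or move HTTP authentication off the local database.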

The same URL will not be effective on every device; which one works depends on the combination of hardware and software versions. But since there are only 84 combinations to try, they could all be tested in a short space of time, Cisco said.

Cisco said it has not had any reports of the bug being exploited. The bug was originally reported by individual users.