iDefense Alert: Cisco Web Administration DDoS Vulnerability

By David Morgenstern  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

iDefense Inc. on Thursday reported a design error vulnerability in Cisco Systems Inc.' 600 series Web Administration service that opens the router up to a distributed denial-of-service condition.

Security intelligence firm iDefense Inc. on April 1, reported that remote exploitation of a design error vulnerability in Cisco Systems Inc.' 600 series Web Administration service allows for a distributed-denial-of-service (DDoS) condition. The company rated the severity of this security event as high.

The Web Administration service on the Cisco 627, 633, 673, 675, 675E, 677, 677i and 678 routers are unable to properly handle multiple 'GET' requests from separate clients. When the Cisco 600 series router is accessed via the HTTP protocol (TCP port 80) through multiple connections, the Cisco 600 series router will fail, the Reston, Va.-based security company said in Thursday's alert report.

"The Cisco 600 series router will stop routing data and will also stop responding to configuration requests via the web interface. The Cisco 600 series routers commonly ship with the web interface enabled by default, and many ISPs provide them to customers in this default configuration," the report stated.

Click here for the full story.
David Morgenstern is Executive Editor/Special Projects of eWEEK. Previously, he served as the news editor of Ziff Davis Internet and editor for Ziff Davis' Storage Supersite.

In 'the days,' he was an award-winning editor with the heralded MacWEEK newsweekly as well as eMediaweekly, a trade publication for managers of professional digital content creation.

David has also worked on the vendor side of the industry, including companies offering professional displays and color-calibration technology, and Internet video.

He can be reached here.


Submit a Comment

Loading Comments...