Router bug could let hackers control Internet traffic

Cisco warns of a software glitch that could let hackers take control of Internet routers and intercept traffic

Cisco Systems and CERT, the security advisory organisation, have warned of a bug in Cisco routers and switches that could give a hacker the ability to disrupt Internet traffic or intercept sensitive information.

The bug, revealed on Thursday, allows a malicious user to gain control of any Cisco router running IOS software, which controls most of Cisco's products. It affects all releases of the software beginning with version 11.3, and "virtually all" mainstream Cisco routers and switches running IOS.

The vulnerability allows a user to take control of the router at the highest level, level 15, without authorisation. Routers are devices that control how data moves around the Internet; if hackers took control of them, they could stop Internet traffic, intercept information such as passwords and credit card numbers, or redirect traffic from, say, Microsoft.com to any other Web site.

Cisco said that when the HTTP server is enabled and users are authorised from a local database, it is possible to bypass authentication and exercise complete control over the router.

The company is recommending that the HTTP server on the routers be disabled. The problem can also be sidestepped by using Terminal Access Controller Access Control System (TACACS+) or RADIUS systems for authentication instead of a local database.

Cisco said it is also providing a software upgrade to fix the problem, which will be available on its Web site at www.cisco.com.

The vulnerability requires little skill to exploit: a malicious user can simply send a crafted URL and commands will be executed on the router or switch.

According to Cisco, the URL takes the form:

http:///level/xx/exec/....

Where xx is a number between 16 and 99.

The same URL will not be effective on every device, depending on the combination of hardware and software releases, but since there are only 84 combinations to try, they could all be tested in a short space of time, Cisco said.
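For defenders, the URL form above is easy to look for in proxy or firewall request logs. The following is an added example, not code from Cisco or from the original article; the log format (`<client> <method> <url>`), the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Path form given in the article: /level/xx/exec/..., with xx between 16 and 99.
LEVEL_EXEC = re.compile(r"^/+level/+(\d+)/+exec(?:/|$)", re.IGNORECASE)

def suspicious_level(url):
    """Return the level number if the URL matches the reported form, else None."""
    path = unquote(urlsplit(url).path)  # decode %xx so encoded digits still match
    m = LEVEL_EXEC.match(path)
    if not m:
        return None
    level = int(m.group(1))
    # Only the range named in the article is flagged; 15 and below are ignored.
    return level if 16 <= level <= 99 else None

def scan(lines):
    """Map each client to the set of flagged levels it requested."""
    hits = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:  # skip lines that do not fit the assumed format
            continue
        client, _method, url = parts
        level = suspicious_level(url)
        if level is not None:
            hits.setdefault(client, set()).add(level)
    return hits

def sweeping_clients(hits, threshold=3):
    """Clients that requested several distinct levels, i.e. walked the range."""
    return sorted(c for c, levels in hits.items() if len(levels) >= threshold)

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = [
    "198.51.100.7 GET http://192.0.2.1/level/16/exec/",
    "198.51.100.7 GET http://192.0.2.1/level/17/exec/",
    "198.51.100.7 GET http://192.0.2.1/level/18/exec/",
    "203.0.113.9 GET http://192.0.2.1/level/15/exec/",
    "203.0.113.9 GET http://192.0.2.1/LEVEL/%34%32/exec/",
    "203.0.113.20 GET http://192.0.2.1/level/100/exec/",
    "malformed line",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    print("flagged:", found)
    print("sweeping:", sweeping_clients(found))
```

Any hit against a device that still has its HTTP server enabled is a reason to apply the workaround or upgrade described above and to review that device's configuration for changes.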

Cisco said it has not had any reports of the bug being exploited. It was originally reported by independent users.
