Cisco has published two bulletins reporting vulnerabilities that affect
several of its products, in general all those running IOS software, and
has released the corresponding patches.
The first bulletin, available at
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html, describes a
vulnerability in devices running IOS 11.3 or later that is present when
the HTTP server is enabled and local authorization is used. By sending a
specially crafted URL, an attacker can bypass authentication and execute
any command on the router at privilege level 15, the highest level. The
exact URL that has to be sent depends on the combination of hardware and
IOS version.
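The condition the bulletin describes, HTTP server enabled together with local authorization, can be checked against a saved running-config before the patch is applied. The following is an added Python example, not code from the bulletin or from Cisco. It assumes that "ip http authentication local" and the IOS default "enable" method both count as local authorization in the bulletin's sense, that "tacacs" does not, and that "aaa" needs a look at the AAA method list; the sample configurations are constructed for the example.

```python
import re
from typing import Dict, List

# "ip http authentication" methods that consult the device's own credential
# store.  Assumption: these are what the bulletin calls "local authorization";
# "enable" is assumed to be the IOS default when no line is present.
LOCAL_METHODS = {"local", "enable"}


def audit_ios_http(config: str) -> Dict[str, object]:
    """Check an IOS running-config for the bulletin's condition: HTTP server
    enabled and local authorization in use.  "ip http server",
    "no ip http server" and "ip http authentication <method>" are real IOS
    commands; later lines override earlier ones, as in a running-config."""
    http_enabled = False
    auth_method = "enable"  # assumed IOS default when not explicitly set
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            http_enabled = True
        elif line == "no ip http server":
            http_enabled = False
        else:
            m = re.fullmatch(r"ip http authentication (\S+)", line)
            if m:
                auth_method = m.group(1)
    local_auth = auth_method in LOCAL_METHODS
    if not http_enabled:
        status = "not exposed: HTTP server disabled"
    elif local_auth:
        status = "VULNERABLE: HTTP server enabled with local authorization"
    elif auth_method == "aaa":
        status = "check AAA method list: affected if it resolves to local"
    else:
        status = "HTTP server enabled with %s authentication" % auth_method
    return {
        "http_enabled": http_enabled,
        "auth_method": auth_method,
        "local_auth": local_auth,
        "vulnerable": http_enabled and local_auth,
        "status": status,
    }


def remediate(config: str) -> str:
    """Return the config with the HTTP server disabled.  Added mitigation for
    devices that do not need the web interface; it removes the exposed service
    rather than fixing the authorization bug itself, which needs the patch."""
    kept: List[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server" or line.startswith("ip http authentication "):
            continue
        kept.append(raw)
    if "no ip http server" not in (l.strip() for l in kept):
        kept.append("no ip http server")
    return "\n".join(kept) + "\n"


# Constructed sample configurations (not real device output).
VULNERABLE_CONFIG = """\
hostname edge-router
username admin privilege 15 password 0 changeme
ip http server
ip http authentication local
"""

HARDENED_CONFIG = """\
hostname edge-router
username admin privilege 15 password 0 changeme
no ip http server
"""

if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_ios_http(cfg)["status"])
    print(remediate(VULNERABLE_CONFIG))
```

A device with "ip http server" and no "ip http authentication" line at all is reported as using the default method and therefore flagged, which is the conservative reading; anything reported as "aaa" still needs the "aaa authentication login" method list examined by hand.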
The second bulletin, published at
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html, reports a
vulnerability affecting every Cisco device running IOS software with SSH
(Secure Shell) support, regardless of IOS version or device model.
Catalyst 6000 switches running CatOS and the Cisco PIX firewall are also
affected. The flaws are inherited from version 1.5 of the SSH protocol,
which is the version implemented on the affected devices.
Several vulnerabilities affect SSH 1.5 and therefore the Cisco devices
that support it. These problems could allow an attacker to obtain
information that helps in a brute-force attack, or to establish a valid
SSH session in order to insert malicious code.
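Because the weakness lies in the SSH 1.5 protocol rather than in one IOS release, the useful inventory check is which protocol version each device announces. The identification string every SSH server sends on connect has the form "SSH-protoversion-softwareversion", optionally followed by a space and comments, ending in CR LF; a server announcing 1.3 or 1.5 speaks only protocol 1, 1.99 means it offers both 1 and 2 (so a client can still be talked down to protocol 1), and 2.0 means protocol 2 only. The following is an added Python example, not code from the bulletin or from Cisco; the banner strings it classifies are constructed for the example, and the Cisco banner shown is assumed rather than taken from the bulletin.

```python
import re
import socket
from dataclasses import dataclass


@dataclass
class SshBanner:
    protoversion: str
    softwareversion: str
    comments: str

    @property
    def ssh1_negotiable(self) -> bool:
        """True when the server speaks protocol 1 (1.x) or offers it as a
        fallback (1.99), i.e. a protocol 1 session can be established."""
        return self.protoversion.startswith("1.")

    @property
    def ssh1_only(self) -> bool:
        """True when the server implements nothing but protocol 1."""
        return self.ssh1_negotiable and self.protoversion != "1.99"


def parse_ssh_banner(line: bytes) -> SshBanner:
    """Parse an SSH identification string:
    'SSH-protoversion-softwareversion[ comments]' terminated by CR LF or LF."""
    text = line.decode("ascii", errors="replace").rstrip("\r\n")
    m = re.fullmatch(r"SSH-(\d+\.\d+)-(\S+)(?: (.*))?", text)
    if not m:
        raise ValueError("not an SSH identification string: %r" % text)
    return SshBanner(m.group(1), m.group(2), m.group(3) or "")


def classify(line: bytes) -> str:
    """Summarise a banner in terms of exposure to the SSH 1.5 weaknesses."""
    b = parse_ssh_banner(line)
    if b.ssh1_only:
        return "SSH1-only (%s): exposed to the SSH 1.5 weaknesses" % b.softwareversion
    if b.ssh1_negotiable:
        return "SSH1 negotiable (%s): protocol 1 still offered" % b.softwareversion
    return "SSH2-only (%s)" % b.softwareversion


def fetch_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the identification line from a live server.  The server sends its
    banner first, so nothing needs to be written; not used by the offline run."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        return f.readline()


# Constructed sample banners (assumed formats, not captured from the devices
# named in the bulletin).
SAMPLE_BANNERS = [
    b"SSH-1.5-Cisco-1.25\r\n",
    b"SSH-1.99-OpenSSH_2.9\r\n",
    b"SSH-2.0-OpenSSH_2.9p2\r\n",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(banner.rstrip().decode(), "->", classify(banner))
```

Running fetch_banner against each management address and feeding the result to classify gives a list of devices that will still negotiate protocol 1; anything marked SSH1-only can only be addressed by the vendor's fix, since the protocol is the problem, while a 1.99 server is at least a candidate for refusing protocol 1 outright once clients are moved to protocol 2.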
NOTE: Depending on your e-mail client, either of these addresses may be
split across two lines, in which case the link will not open the web
page. If this happens, just cut and paste the two pieces of the URL
together.