Code attacks Cisco vulnerabilities
Last modified: March 29, 2004, 3:17 PM PST
By Marguerite Reardon
Staff Writer, CNET News.com
Cisco Systems issued a security warning this weekend to customers after new software code was published on the Internet that targeted certain vulnerabilities on several of its networking products.
The software code, written by a group of teenagers in Italy calling themselves the "BlackAngels," exploits nine vulnerabilities found in Cisco's Internetwork Operating System (IOS). This software runs on most of Cisco's products, including its Catalyst Ethernet switches and Internet Protocol routers.
Many of the vulnerabilities exposed in the new software tool have already been identified and addressed by Cisco. Some of them were identified as far back as 2000. As these problems were discovered, Cisco published software upgrades and workaround scenarios to help customers protect their networks from malicious attacks.
While the vulnerabilities have been known for some time, the program, called the "Cisco Global Exploiter," makes exploiting them much easier by providing simple streams of code. After the code was published, Cisco posted a warning on its Web site on Saturday. It also provided links to vulnerabilities that had already been discovered.