---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Cisco IOS DOCSIS Community String Vulnerability SECUNIA ADVISORY ID: SA21974 VERIFY ADVISORY: http://secunia.com/advisories/21974/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is due to an error, which inadvertently enables an additional read-write community string for DOCSIS-compliant cable-capable devices when the device is configured for SNMP management. This may be exploited to gain full control of the device. The vulnerability has been reported in the following devices running Cisco IOS: * Cisco IAD2430 Integrated Access Device * Cisco IAD2431 Integrated Access Device * Cisco IAD2432 Integrated Access Device * Cisco VG224 Analog Phone Gateway * Cisco MWR 1900 Mobile Wireless Edge Router * Cisco MWR 1941 Mobile Wireless Edge Router SOLUTION: Fixes are available (see patch matrix in vendor advisory). http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------