In response to Advisory 13/2006 posted by the Hardened-PHP Project, Cisco released a notification that several products were affected by the HTML encoder vulnerability. Affected products include:

  • Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600 router and Branch Routers
  • CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks Wireless LAN Solution Engine Express (WLSX)
  • Cisco Unified Application Environment
  • Hosting Solution Engine/Hosting Solution Software

No workarounds are currently available. Cisco's notification offers the following guidance:

A best practice is to configure IP source restriction to valid source IP addresses of administrative clients that may access the affected devices. Administrators should restrict access to the web interface to only trusted client IP addresses or subnets.
