Cisco Scrambling to Contain Malicious Code

In an advisory released March 27, Cisco confirmed malicious hackers are circulating code that could be used to run denial-of-service attacks against multiple products.

“Customers should take steps to ensure that they have addressed each of these either via a software upgrade or workarounds in place as appropriate in order to mitigate any risk from this new exploit code,” Cisco warned.

The “Cisco Global Exploiter” exploit code was released to underground hacking Web sites over the weekend and could be used to attack nine Cisco vulnerabilities. The hacking toolkit, which was seen by internetnews.com, includes very specific references to the targeted Cisco security holes.

While most are denial-of-service vulnerabilities, one flaw in the Cisco Broadband Operating System (CBOS) could lead to buffer overflows and router takeovers.

Vulnerabilities that could be targeted by the exploit code include the Cisco IOS Router DoS flaw; Cisco IOS HTTP Auth Vulnerability; Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability; Cisco Catalyst SSH Protocol Mismatch DoS Vulnerability; Cisco Catalyst SSH Protocol Mismatch Vulnerability; and the Cisco 675 Web Administration Denial of Service Vulnerability.

The company also warned that hackers could unleash the infamous “Code Red” worm with the toolkit. Cisco’s advisory contained specific patches and workarounds that have previously been available.

It is not the first time that an active exploit targeting a known vulnerability in Cisco routers and switches has been released on the Internet.

Last July, a “fully functioning exploit tool” was released on the Full Disclosure security mailing list. The company started receiving reports of Cisco routers under attack immediately after the tool appeared.