Bugtraq mailing list archives
Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques
From: Damir Rajnovic <gaus () cisco com>
Date: Wed, 10 Oct 2007 12:05:23 +0100
Hello, Cisco PSIRT is aware of the three videos IRM Plc. published on their web site at <http://www.irmplc.com/index.php/153-Embedded-Systems-Security>. Cisco and IRM agree that the videos do not demonstrate or represent a vulnerability in Cisco IOS. Specifically, the code to manipulate Cisco IOS could be inserted only under the following conditions: - Usage of the debugger functionality present in IOS - Having physical access to the device - Already logged in at the highest privilege level on the device. IRM approached Cisco PSIRT with this information prior to its public release and Cisco has confirmed the information provided is a proof-of-concept that third party code could be inserted under these specific conditions. Regards, Gaus ============== Damir Rajnovic <psirt () cisco com>, PSIRT Incident Manager, Cisco Systems <http://www.cisco.com/go/psirt> Telephone: +44 7715 546 033 200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB ============== There are no insolvable problems. The question is can you accept the solution?
Attachment:
_bin
Description:
Current thread:
- Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Damir Rajnovic (Oct 10)
- Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Halvar Flake (Oct 10)
- RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis (Oct 11)
- Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Halvar Flake (Oct 11)
- RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis (Oct 11)
- Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Halvar Flake (Oct 11)
- Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Roman Medina-Heigl Hernandez (Oct 12)
- Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Mark Senior (Oct 12)
- RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis (Oct 11)
- Re: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Halvar Flake (Oct 10)
- <Possible follow-ups>
- RE: Cisco PSIRT response on IRM Demonstrates Multiple Cisco IOS Exploitation Techniques Andy Davis (Oct 16)