Skip Links

Network World

Jim Duffy

Cisco Content Delivery System open to attack

Company issues security advisory on caching, streaming application

By Jim Duffy on Fri, 07/23/10 - 3:49pm.

Cisco this week issued another security advisory, this time on its Content Delivery System. The product's Internet Streamer application has a vulnerability that could allow an attacker to read files arbitrarily on the device.

An unauthenticated attacker could exploit this vulnerability to access password files and system logs, the advisory states.

The Internet Streamer application provides edge caching, content streaming, and downloads to subscriber IP devices such as PCs. Specifically, Cisco says the application contains a "director traversal" vulnerability on its web server that allows for arbitrary file access. An attacker may be able to read these files, outside of the web server document directory, through a specially crafted URL.

This vulnerability can be exploited over all open HTTP ports, including TCP ports 80, 443 and 8090, as well as those configured as part of the HTTP proxy, the advisory states.

The vulnerability was reported to Cisco by carrier BT. Cisco says it is issuing free software to mitigate the problem, and that there are also workarounds to bypass it.

All versions of system software on the Internet Streamer application are vulnerable, the advisory says. Cisco says it is not aware of any malicious use of the vulnerability.

More from Cisco Subnet:

 

All of today's Cisco news and blogs

Cisco wants to be the standard

Wendell Odom: Tons of Answers at Networkers

Forget Apple. RIM should fear Cisco's Cius

Why You Can No Longer Afford to Consider Presence an Optional Component

The Next Generation of Routing Architecture

Hands on with the Android tablet "Cius" that Cisco announced at Cisco Live

High Availability, Headless Communists, and Other Random Thoughts from Networkers

Lieberman Cybersecurity Bill Could Change IT Procurement

Like RSS readers? Subscribe to the Cisco Subnet RSS feed

 

Follow all Cisco Subnet bloggers on Twitter.
Follow Jim Duffy on Twitter

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
About The Cisco Connection

The Cisco Subnet blog is written by Network World managing editor Jim Duffy Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.

Follow Jim Duffy on Twitter

 

Most Discussed Posts