Cisco Security Advisory: IOS HTTP Authentication Vulnerability
Affected systems:

All devices running Cisco IOS software version 11.3 and later:
* Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7100, 7200, ubr7200, 7500, and 12000 series.
* Most recent versions of the LS1010 ATM switch.
* The Catalyst 6000 if it is running Cisco IOS software.
* The Catalyst 2900XL LAN switch only if it is running Cisco IOS software.
* The Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches are affected.
* The Cisco Distributed Director.

Products that do not run Cisco IOS software are not affected by this vulnerability. These include, but are not limited to:
* 700 series dialup routers (750, 760, and 770 series).
* The Catalyst 6000 if it is not running Cisco IOS software.
* WAN switching products in the IGX and BPX lines.
* The MGX (formerly known as the AXIS shelf).
* Host-based software.
* The Cisco PIX Firewall.
* The Cisco LocalDirector.
* The Cisco Cache Engine.

Vulnerability details:

By requesting a specially crafted URL, an attacker can bypass authentication and execute arbitrary commands on the router at privilege level 15. The same URL is not effective against every combination of Cisco IOS software and hardware, but by trying 84 different combinations an attacker can easily view and change the device configuration. The URL has the form:

http://<router-address>/level/xx/exec/...

where xx is a number between 16 and 99.

Solution:

Disable the HTTP server on the router, or use TACACS+ or RADIUS authentication for it.

To disable the HTTP server, use the following commands:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# no ip http server

To configure TACACS+ or RADIUS authentication, see the following link:
http://www.cisco.com/warp/public/480/tacplus.shtml
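The URL pattern above is easy to detect from the defender's side: Cisco IOS privilege levels only go from 0 to 15, so any request for /level/16 through /level/99 is never legitimate and is worth alerting on. The following detector is an added example (not part of the Cisco advisory and not Cisco code). It assumes that HTTP requests to the device have been captured in Common Log Format by some intermediary such as a proxy or network sensor; the log lines below are constructed for illustration, and the function names are the example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample log lines in Common Log Format (not from any real device).
# Two requests use privilege levels 42 and 99, which lie in the 16..99 range
# named in the advisory; the others are ordinary level-15 or static requests.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Jun/2001:10:01:12 +0000] "GET /level/15/exec/show/running-config HTTP/1.0" 401 0
10.0.0.5 - - [27/Jun/2001:10:01:19 +0000] "GET /level/15/exec/show/running-config HTTP/1.0" 200 2311
10.0.0.9 - - [27/Jun/2001:10:02:03 +0000] "GET /level/42/exec/show/running-config HTTP/1.0" 200 2311
10.0.0.9 - - [27/Jun/2001:10:02:04 +0000] "GET /level/99/exec/show/startup-config HTTP/1.0" 200 2200
10.0.0.7 - - [27/Jun/2001:10:03:44 +0000] "GET /index.html HTTP/1.0" 200 512
"""

# Common Log Format: source, identd, user, [timestamp], "METHOD path proto", status, bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# The IOS HTTP server's command interface: /level/<n>/exec/...
LEVEL_RE = re.compile(r'^/level/(?P<level>\d+)/exec(?:/|$)')


class Finding(NamedTuple):
    src: str
    level: int
    path: str
    status: int


def classify_request(path: str) -> Optional[int]:
    """Return the privilege level requested via /level/<n>/exec/, or None if the
    path is not a request to the exec interface at all."""
    m = LEVEL_RE.match(path)
    return int(m.group("level")) if m else None


def is_out_of_range_level(level: int) -> bool:
    """IOS privilege levels are 0..15; the advisory's bypass uses 16..99."""
    return 16 <= level <= 99


def scan_log(text: str) -> List[Finding]:
    """Flag every parsable request whose /level/<n>/ value falls in the bypass range.
    An HTTP 200 on such a request means the device answered without authentication."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not CLF; a real pipeline would count these
        level = classify_request(m.group("path"))
        if level is not None and is_out_of_range_level(level):
            findings.append(
                Finding(m.group("src"), level, m.group("path"), int(m.group("status")))
            )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"ALERT src={f.src} level={f.level} status={f.status} path={f.path}")
```

Running the block prints two alerts for 10.0.0.9 (levels 42 and 99, both answered with 200). A successful (200) response to an out-of-range level is the strongest signal that the device is unpatched and still has the HTTP server enabled; a 401 on the same path would indicate the bypass did not work on that software/hardware combination.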