Cisco knows of no public announcements or discussion of this
vulnerability before the date of this notice. Cisco has had no reports of
malicious exploitation of this vulnerability. These bugs were identified and
reported by outside companies conducting laboratory testing.
No special tools, and only the most basic of skills, are needed to
exploit this vulnerability. It would not be difficult for a person with minimal
sophistication to find a way to exploit this vulnerability.
Cisco thanks the Internet Security Systems (ISS) X-Force, for
independently discovering this matter and bringing it to the attention of
Cisco's Product Security Incident Response Team (PSIRT).
The initial report of CSCdi74333 was received before the establishment
of the PSIRT, from a customer who has neither requested credit nor given
permission to be named in this notice. Cisco security notices do not name or
credit third parties without their specific permission.