The Cisco Content Service Switch (CSS) 11000 series switches do not
enforce the correct restrictions for accessing the web management URL.
After successful authentication users are redirected to the web
management URL. If users directly connect to the redirected URL they are
granted access to the web management interface without having to
reauthenticate. This vulnerability results in users gaining access to secure
This vulnerability is documented as Cisco bug IDs CSCdu20931 and
This advisory will be posted at
This advisory is being re-released because the vulnerability was not
completely fixed previously. Users are still vulnerable and should apply the
workarounds in the Workarounds section to
mitigate the affects of the vulnerability.