CERT and Cisco have issued a warning about a vulnerability in the Cisco IOS starting at version 11.3 and affecting all later versions.
 
If your Cisco equipment is HTTP enabled and you're not using TACACS+ or RADIUS for authentication it is vulnerable to complete takeover.  The hack is very simple.
 
Please read the Cisco warning and/or the CERT advisory for further information.
 
The warnings were released yesterday.
 
Happy Hacker Stopping.
 
Larry Diffey