ID de Prueba:	1.3.6.1.4.1.25623.1.0.10700
Categoría:	CISCO
Título:	Cisco IOS HTTP Configuration Arbitrary Administrative Access
Resumen:	NOSUMMARY
Descripción:	Description: It is possible to execute arbitrary commands on the remote Cisco router, by requesting them via HTTP, as in /level/$NUMBER/exec/show/config/cr where $NUMBER is an integer between 16 and 99. An attacker may use this flaw to cut your network access to the Internet, and may even lock you out of the router. Solution : Disable the web configuration interface completely Risk factor : High
Referencia Cruzada:	BugTraq ID: 2936 Common Vulnerability Exposure (CVE) ID: CVE-2001-0537 http://www.securityfocus.com/bid/2936 Bugtraq: 20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability (Google Search) http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com Bugtraq: 20010702 Cisco IOS HTTP Configuration Exploit (Google Search) http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org Bugtraq: 20010702 Cisco device HTTP exploit... (Google Search) http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu Bugtraq: 20010702 ios-http-auth.sh (Google Search) http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com http://www.cert.org/advisories/CA-2001-14.html Computer Incident Advisory Center Bulletin: L-106 http://www.ciac.org/ciac/bulletins/l-106.shtml Cisco Security Advisory: 20010627 IOS HTTP authorization vulnerability http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html http://www.osvdb.org/578 XForce ISS Database: cisco-ios-admin-access(6749) https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
Copyright	This script is Copyright (C) 2001 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.