Test ID: 1.3.6.1.4.1.25623.1.0.10700
Category: CISCO
Title: Cisco IOS HTTP Configuration Arbitrary Administrative Access
Description:

It is possible to execute arbitrary commands on the
remote Cisco router by requesting them via HTTP,
as in
/level/$NUMBER/exec/show/config/cr

where $NUMBER is an integer between 16 and 99.

An attacker may use this flaw to cut your network access to
the Internet, and may even lock you out of the router.

Solution: Disable the web configuration interface completely
Risk factor: High

Cross-Ref: BugTraq ID: 2936
Common Vulnerability Exposure (CVE) ID: CVE-2001-0537
http://www.securityfocus.com/bid/2936
Bugtraq: 20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com
Bugtraq: 20010702 Cisco IOS HTTP Configuration Exploit
http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
Bugtraq: 20010702 Cisco device HTTP exploit...
http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
Bugtraq: 20010702 ios-http-auth.sh
http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
http://www.cert.org/advisories/CA-2001-14.html
Computer Incident Advisory Center Bulletin: L-106
http://www.ciac.org/ciac/bulletins/l-106.shtml
Cisco Security Advisory: 20010627 IOS HTTP authorization vulnerability
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
http://www.osvdb.org/578
XForce ISS Database: cisco-ios-admin-access(6749)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
Copyright: This script is Copyright (C) 2001 Renaud Deraison

© 1998-2025 E-Soft Inc. All rights reserved.