Test ID: 1.3.6.1.4.1.25623.1.0.10700
Category: CISCO
Title: Cisco IOS HTTP Configuration Arbitrary Administrative Access
Summary: Obtains the remote router configuration
Description:
It is possible to execute arbitrary commands on the remote Cisco router by requesting them via HTTP, as in
/level/$NUMBER/exec/show/config/cr
where $NUMBER is an integer between 16 and 99.

An attacker may use this flaw to cut your network access to the Internet, and may even lock you out of the router.

Solution: Disable the web configuration interface completely
Risk factor: High
Cross-Ref:
BugTraq ID: 2936
Common Vulnerability Exposure (CVE) ID: CVE-2001-0537
Cisco Security Advisory: 20010627 IOS HTTP authorization vulnerability
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Bugtraq: 20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com
Bugtraq: 20010702 Cisco IOS HTTP Configuration Exploit
http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
Bugtraq: 20010702 Cisco device HTTP exploit...
http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
Bugtraq: 20010702 ios-http-auth.sh
http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
http://www.cert.org/advisories/CA-2001-14.html
Computer Incident Advisory Center Bulletin: L-106
http://www.ciac.org/ciac/bulletins/l-106.shtml
http://www.securityfocus.com/bid/2936
http://www.osvdb.org/578
XForce ISS Database: cisco-ios-admin-access(6749)
http://xforce.iss.net/static/6749.php
Copyright
This script is Copyright (C) 2001 Renaud Deraison