Cisco 'tech-support' Anonymous User Debugging Information Disclosure

2005-01-06T00:00:00
ID 2497.PRM
Type nessus
Reporter Tenable
Modified 2016-01-15T00:00:00

Description

Cisco routers and switches ship with a default web interface that allows remote administrators to view the entire configuration via the web. Unfortunately, many of these devices are not password protected and allow anonymous users to download critical router/switch configuration information. An attacker can download the Cisco configuration file by browsing to /exec/show/tech-support/cr

                                        
                                            Binary data 2497.prm