Lucene search

SAINT CorporationSAINT:08328CCDFE0A13B285DBEA9469087A1D

HistoryDec 23, 2010 - 12:00 a.m.

Cisco IOS HTTP access level authentication bypass

2010-12-2300:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.7%

JSON

Added: 12/23/2010
CVE: CVE-2001-0537
BID: 2936
OSVDB: 578

Background

The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.

Problem

A remote attacker could execute arbitrary commands at the highest privilege level (level 15) without needing to authenticate by requesting a URL of the form **http://_target_/level/_xx_/exec/_command_**, where xx is some number between 16 and 99.

Resolution

Apply the fix referenced in cisco-sa-20010627-ios-http-level. Alternatively, disable the HTTP interface or use TACACS+ or Radius for authentication.

References

<http://www.cert.org/advisories/CA-2001-14.html>

Limitations

Exploit works on Cisco IOS 11.3 through 12.2.

The target must have the HTTP interface enabled and be using local authentication in order for the exploit to succeed.

Platforms

Cisco

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.7%

JSON

Related for SAINT:08328CCDFE0A13B285DBEA9469087A1D