SAINT Corporation
SAINT:7051A5D955FDC520A64D08463A4EE19E
Dec 23, 2010 - 12:00 a.m.

Cisco IOS HTTP exec path command execution

my.saintcorporation.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.965 High
Percentile: 99.6%

Added: 12/23/2010
CVE: CVE-2000-0945
BID: 1846
OSVDB: 444

Background

The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.

Problem

A remote attacker could execute arbitrary commands through HTTP requests by requesting a path beginning with **/exec**.

Resolution

Set an enable password on the Cisco device.
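
An added example, not part of the SAINT entry: a configuration audit that flags a saved IOS configuration in which the HTTP server is enabled and no enable password or enable secret is set, the condition described above. The sample configurations are constructed, and the script assumes the standard IOS global commands `ip http server`, `enable secret` and `enable password`; where the HTTP server line is absent the result is "review" rather than a guess about the platform default.

```python
import re

# Global-mode commands of interest (standard IOS syntax).
HTTP_RE = re.compile(r"^(no\s+)?ip\s+http\s+server\s*$")
ENABLE_RE = re.compile(r"^enable\s+(secret|password)\s+\S+")

# Constructed sample configurations (not taken from any real device).
SAMPLE_EXPOSED = """\
hostname sw-lab-1
!
ip http server
!
line vty 0 4
 password example
"""

SAMPLE_HARDENED = """\
hostname sw-lab-2
!
enable secret 5 $1$CONSTRUCTED$placeholderhash
no ip http server
"""

def audit_ios_config(text):
    """Classify one configuration dump as 'ok', 'exposed' or 'review'."""
    http_state = "unknown"   # becomes 'on' or 'off' only when stated explicitly
    enable_set = False
    for raw in text.splitlines():
        if not raw or raw[0].isspace():
            continue  # skip blank lines and indented sub-mode commands
        line = raw.rstrip()
        m = HTTP_RE.match(line)
        if m:
            http_state = "off" if m.group(1) else "on"  # last statement wins
        elif ENABLE_RE.match(line):
            enable_set = True
    if enable_set or http_state == "off":
        verdict = "ok"
    elif http_state == "on":
        verdict = "exposed"
    else:
        verdict = "review"  # HTTP server state not stated in this dump
    return {"http_server": http_state, "enable_set": enable_set,
            "verdict": verdict}

if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_ios_config(cfg))
```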

References

<http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html>
<http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html>

Limitations

Exploit works on Cisco Catalyst 3500 XL devices with the enable password unset.

Platforms

Cisco
