Cisco IOS HTTP access level authentication bypass

2010-12-23T00:00:00
ID SAINT:A242B6F95DE07B0835D4446421F7A1F2
Type saint
Reporter SAINT Corporation
Modified 2010-12-23T00:00:00

Description

Added: 12/23/2010
CVE: CVE-2001-0537
BID: 2936
OSVDB: 578

Background

The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.

Problem

A remote attacker could execute arbitrary commands at the highest privilege level (level 15) without needing to authenticate by requesting a URL of the form **http://_target_/level/_xx_/exec/_command_**, where xx is some number between 16 and 99.

Resolution

Apply the fix referenced in cisco-sa-20010627-ios-http-level. Alternatively, disable the HTTP interface or use TACACS+ or Radius for authentication.

References

<http://www.cert.org/advisories/CA-2001-14.html>

Limitations

Exploit works on Cisco IOS 11.3 through 12.2.

The target must have the HTTP interface enabled and be using local authentication in order for the exploit to succeed.

Platforms

Cisco