SAINT Corporation
SAINT:E5367ABE92EFF0A012F6658E79A5A70F
Dec 23, 2010 - 12:00 a.m.

Cisco IOS HTTP exec path command execution

download.saintcorporation.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.965 High
Percentile: 99.6%

Added: 12/23/2010
CVE: CVE-2000-0945
BID: 1846
OSVDB: 444

Background

The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.

Problem

A remote attacker could execute arbitrary commands through HTTP requests by requesting a path beginning with **/exec**.

Resolution

Set an enable password on the Cisco device.

References

<http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html>
<http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html>

Limitations

Exploit works on Cisco Catalyst 3500 XL devices with the enable password unset.
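
A configuration audit for the condition described under Resolution and Limitations, added here as an example and not part of the SAINT advisory. It assumes a saved running-config in standard IOS syntax (`ip http server`, `enable secret`, `enable password`); the function name `audit` and the three sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations; not captured from real devices.
UNSET_ENABLE = """\
hostname lab-sw1
ip http server
line vty 0 4
 login
"""
HARDENED = """\
hostname lab-sw2
enable secret 5 <hash-placeholder>
ip http server
"""
HTTP_OFF = """\
hostname lab-sw3
no ip http server
"""

ENABLE_RE = re.compile(r"^enable (secret|password)\s+\S")
HTTP_RE = re.compile(r"^(no\s+)?ip http server\s*$")

def audit(config_text):
    """Summarise the two settings this advisory depends on."""
    http = "unspecified"  # no explicit line: the platform default applies
    enable_set = False
    for raw in config_text.splitlines():
        if raw[:1].isspace():
            continue  # indented lines belong to a sub-mode, not global config
        line = raw.strip()
        if ENABLE_RE.match(line):
            enable_set = True
        m = HTTP_RE.match(line)
        if m:
            # The last explicit statement wins, as in the device config.
            http = "disabled" if m.group(1) else "enabled"
    # Flag when no enable password exists and HTTP is not explicitly off.
    at_risk = (not enable_set) and http != "disabled"
    return {"http": http, "enable_set": enable_set, "at_risk": at_risk}

if __name__ == "__main__":
    for name, cfg in [("unset", UNSET_ENABLE), ("hardened", HARDENED),
                      ("http-off", HTTP_OFF)]:
        print(name, audit(cfg))
```

A configuration with no explicit HTTP server line is reported as at risk when the enable password is missing, because the audit cannot tell what the platform default is.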

Platforms

Cisco
