Cisco Catalyst Web Interface Remote Command Execution

critical Nessus Plugin ID 10545

Synopsis

The remote router has a command execution vulnerability.

Description

The remote device appears to be a Cisco Catalyst. It is possible to execute arbitrary commands on the router by requesting them via HTTP, as in :

/exec/show/config/cr

This command shows the configuration file, which contains passwords.
A remote attacker could use this flaw to take control of the router.

Solution

Disable the web configuration interface.

See Also

https://seclists.org/bugtraq/2000/Oct/393

http://www.nessus.org/u?3b59f033

Plugin Details

Severity: Critical

ID: 10545

File Name: cisco_catalyst.nasl

Version: 1.38

Type: remote

Family: CISCO

Published: 11/10/2000

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:cisco:catalyst_3500_xl

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/26/2000

Reference Information

CVE: CVE-2000-0945

BID: 1846