Cisco IOS HTTP Configuration Unauthorized Administrative Access

This script is Copyright (C) 2001-2013 Tenable Network Security, Inc.


Synopsis :

The remote router allows authentication to be bypassed and arbitrary
commands to be executed.

Description :

It is possible to execute arbitrary commands on the remote Cisco
router. An attacker may leverage this issue to disable network access
via this device or lock legitimate users out of the router.

See also :

http://www.nessus.org/u?faba55ec

Solution :

Disable the web configuration interface completely.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 10700 (cisco_http_admin_access.nasl)

Bugtraq ID: 2936

CVE ID: CVE-2001-0537