Cisco IOS HTTP Server Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A defect in multiple releases of Cisco IOS software will cause a Cisco
router or switch to halt and reload if the IOS HTTP service is enabled
and browsing to "http://<router-ip>/%%" is attempted. This defect can
be exploited to produce a denial of service (DoS) attack. This defect
has been discussed on public mailing lists and should be considered
public information.
The vulnerability, identified as Cisco bug ID CSCdr36952, affects
virtually all mainstream Cisco routers and switches running Cisco IOS
software releases 11.1 through 12.1, inclusive. The vulnerability has
been corrected and Cisco is making fixed releases available to replace
all affected IOS releases. Customers are urged to upgrade to releases
that are not vulnerable to this defect as shown in detail below.
The vulnerability can be mitigated by disabling the IOS HTTP server,
using an access-list on an interface in the path to the router to
prevent unauthorized network connections to the HTTP server, or
applying an access-class option directly to the HTTP server itself. The
IOS HTTP server is enabled by default only on Cisco 1003, 1004, and
1005 routers that are not configured. In all other cases, the IOS http
server must be explicitly enabled in order to exploit this defect.

See also :

http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
http://www.nessus.org/u?27e432a9
http://www.nessus.org/u?ae78d855

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20000514-ios-http-server.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.7
(CVSS2#E:H/RL:W/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48949 (cisco-sa-20000514-ios-http-serverhttp.nasl)

Bugtraq ID: 1154

CVE ID: CVE-2000-0380