Cisco IOS HTTP Server Query Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

A defect in multiple releases of Cisco IOS software will cause a Cisco
router or switch to halt and reload if the IOS HTTP service is enabled,
browsing to "http://router-ip/anytext?/" is attempted, and the enable
password is supplied when requested. This defect can be exploited to
produce a denial of service (DoS) attack.
The vulnerability, identified as Cisco bug ID CSCdr91706, affects
virtually all mainstream Cisco routers and switches running Cisco IOS
software releases 12.0 through 12.1, inclusive. This is not the same
defect as CSCdr36952.
The vulnerability has been corrected and Cisco is making fixed releases
available for free to replace all affected IOS releases. Customers are
urged to upgrade to releases that are not vulnerable to this defect as
shown in detail below.
This vulnerability can only be exploited if the enable password is
known or not set.

See also :

http://www.nessus.org/u?b2f962f9
http://www.nessus.org/u?81828152

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20001025-ios-http-server-query.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:H/RL:W/RC:ND)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48950 (cisco-sa-20001025-ios-http-server-queryhttp.nasl)

Bugtraq ID: 1838

CVE ID: CVE-2000-0984