This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch
A defect in multiple releases of Cisco IOS software will cause a Cisco
router or switch to halt and reload if the IOS HTTP service is enabled,
browsing to "http://router-ip/anytext?/" is attempted, and the enable
password is supplied when requested. This defect can be exploited to
produce a denial of service (DoS) attack.
The vulnerability, identified as Cisco bug ID CSCdr91706, affects
virtually all mainstream Cisco routers and switches running Cisco IOS
software releases 12.0 through 12.1, inclusive. This is not the same
defect as CSCdr36952.
The vulnerability has been corrected and Cisco is making fixed releases
available for free to replace all affected IOS releases. Customers are
urged to upgrade to releases that are not vulnerable to this defect as
shown in detail below.
This vulnerability can only be exploited if the enable password is
known or not set.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.8
Public Exploit Available : true
Nessus Plugin ID: 48950 (cisco-sa-20001025-ios-http-server-queryhttp.nasl)
Bugtraq ID: 1838
CVE ID: CVE-2000-0984
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.