IOS HTTP Authorization Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

When the HTTP server is enabled and local authorization is used, it is
possible, under some circumstances, to bypass the authentication and
execute any command on the device. In that case, the user will be able
to exercise complete control over the device. All commands will be
executed with the highest privilege (level 15).
All releases of Cisco IOS software, starting with release 11.3 and
later, are vulnerable. Virtually all mainstream Cisco routers and
switches running Cisco IOS software are affected by this vulnerability.

Products that are not running Cisco IOS software are not vulnerable.
The workaround for this vulnerability is to disable HTTP server on the
router or to use Terminal Access Controller Access Control System
(TACACS+) or Radius for authentication.

See also :

http://www.nessus.org/u?faba55ec
http://www.nessus.org/u?6a9a2877

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20010627-ios-http-level.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48956 (cisco-sa-20010627-ios-http-levelhttp.nasl)

Bugtraq ID: 2936

CVE ID: CVE-2001-0537