IOS HTTP Server Command Injection Vulnerability

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability exists in the IOS HTTP server in which HTML code
inserted into dynamically-generated output, such as the output from a
show buffers command, is passed unmodified to the browser requesting
the page. The client browser could interpret this HTML code,
potentially executing malicious commands against the device or
enabling other cross-site scripting attacks. Successful exploitation
of this vulnerability requires that a user browse a page containing
dynamic content into which HTML commands have been injected.

Cisco will be making free software available to address this
vulnerability for affected customers. There are workarounds available
to mitigate the effects of the vulnerability.

See also :

http://archives.neohapsis.com/archives/bugtraq/2005-11/0335.html
http://archives.neohapsis.com/archives/bugtraq/2005-11/0362.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0603.html
http://www.nessus.org/u?ecf79a12
http://www.nessus.org/u?21ef7230

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20051201-http.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48991 (cisco-sa-20051201-httphttp.nasl)

Bugtraq ID: 15602

CVE ID: CVE-2005-3921