Cisco IOS HTTP Configuration Unauthorized Administrative Access

Severity: High, Nessus Plugin ID: 10700

Synopsis

The remote router allows authentication to be bypassed and arbitrary commands to be executed.

Description

It is possible to execute arbitrary commands on the remote Cisco router. An attacker may leverage this issue to disable network access via this device or lock legitimate users out of the router.

Solution

Disable the web configuration interface completely.

See Also

http://www.nessus.org/u?dba2bf4f

Plugin Details

Severity: High

ID: 10700

File Name: cisco_http_admin_access.nasl

Version: 1.38

Type: remote

Family: CISCO

Published: 7/2/2001

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/27/2001

Vulnerability Publication Date: 6/27/2001

Reference Information

CVE: CVE-2001-0537

BID: 2936

CWE: 287