Cisco IOS HTTP Configuration Unauthorized Administrative Access

This script is Copyright (C) 2001-2016 Tenable Network Security, Inc.

Synopsis :

The remote router allows authentication to be bypassed and arbitrary
commands to be executed.

Description :

It is possible to execute arbitrary commands on the remote Cisco
router. An attacker may leverage this issue to disable network access
via this device or lock legitimate users out of the router.

See also :

Solution :

Disable the web configuration interface completely.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 10700 (cisco_http_admin_access.nasl)

Bugtraq ID: 2936

CVE ID: CVE-2001-0537

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now