Cisco 'tech-support' Anonymous User Debugging Information Disclosure

low Nessus Network Monitor Plugin ID 2497

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

Cisco routers and switches ship with a default web interface that allows remote administrators to view the entire configuration via the web. Unfortunately, many of these devices are not password protected and allow anonymous users to download critical router/switch configuration information.
By browsing to /exec/show/tech-support/cr, an attacker can download the Cisco configuration file.

Solution

Enable passwords for the Cisco IOS web server.
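
To check a saved configuration for this condition, the following added example (not part of the plugin or of any Cisco tooling) audits `show running-config` text for an enabled web server with no password behind it. It assumes the config states `ip http server` explicitly and that the default `enable` authentication method leaves the web server unprotected when no enable password is set; the function name and sample configs are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from real devices).
EXPOSED = """hostname lab-rtr1
ip http server
line vty 0 4
 login
"""
PROTECTED = """hostname lab-rtr2
enable secret 5 <hash-placeholder>
ip http server
ip http authentication local
username admin privilege 15 secret 5 <hash-placeholder>
"""
DISABLED = """hostname lab-rtr3
no ip http server
no ip http secure-server
"""


def audit_http_server(config):
    """Report whether the IOS web server is enabled and password protected."""
    lines = [ln.strip() for ln in config.splitlines()]

    # 'no ip http server' must not count, so match the whole line.
    enabled = any(re.fullmatch(r"ip http (secure-)?server", ln) for ln in lines)
    if not enabled:
        return {"enabled": False, "method": None, "exposed": False}

    # Without an explicit 'ip http authentication' line IOS uses 'enable'.
    method = "enable"
    for ln in lines:
        m = re.fullmatch(r"ip http authentication (\S+).*", ln)
        if m:
            method = m.group(1)

    has_enable_pw = any(re.match(r"enable (secret|password)\s", ln) for ln in lines)

    # Assumption: the 'enable' method with no enable password configured
    # means the web server has no password to challenge with. Other methods
    # (local, aaa, tacacs) keep their credentials elsewhere and are not
    # judged here.
    exposed = method == "enable" and not has_enable_pw
    return {"enabled": True, "method": method, "exposed": exposed}


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("protected", PROTECTED), ("disabled", DISABLED)):
        print(name, audit_http_server(cfg))
```

A device reported as exposed needs either an enable password or an explicit `ip http authentication` method, or the web server turned off with `no ip http server` if it is not used.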

Plugin Details

Severity: Low

ID: 2497

Family: Web Servers

Published: 1/6/2005

Updated: 1/15/2016