VID 29017
Severity 40
Port 80, ...
Protocol TCP
Class CISCO
Detailed Description A problem in the Cisco IOS HTTP Configuration allows remote users to gain full administrative privileges.
IOS is router firmware developed and distributed by Cisco Systems. IOS runs on numerous Cisco devices, including routers and switches. All releases of Cisco IOS software from release 11.3 onward are vulnerable. Products that are not running Cisco IOS software are not vulnerable.
When the HTTP server on a device is enabled and local authorization is used, it is possible to gain full remote administrative access to devices running affected releases of IOS. By using a URL of http://router.address/level/$NUMBER/exec/.... where $NUMBER is an integer between 16 and 99, it is possible to bypass authentication and execute any command on the router at level 15 (enable level, the most privileged level). This problem makes it possible for a remote user to gain full administrative privileges, which may lead to further compromise of the network or result in a denial of service.

* References:
http://www.iss.net/security_center/static/6749.php
Recommendation Obtain fixed software for the affected devices and patch them. Upgraded software can be obtained through your regular update channels, or through the Software Center on Cisco's Worldwide Web site at http://www.cisco.com.

The workaround for this vulnerability is to disable the HTTP server on the router or to use TACACS+ or RADIUS for authentication.
To disable HTTP server, use the following commands:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# no ip http server

In order to configure TACACS+ or RADIUS for authentication, please consult the following link:
http://www.cisco.com/warp/public/480/tacplus.shtml
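An added audit helper, not part of this record or of Cisco's tooling: it checks a saved IOS running-config for the exposure condition described above (HTTP server enabled with local, non-AAA authentication) and flags request paths of the /level/$NUMBER/exec/ form so they can be matched in proxy or IDS logs. The sample configs are constructed, and treating an unset or non-AAA authentication mode as reportable is an assumption made for conservative review.

```python
import re
from typing import List

# Constructed sample configs (not from the record). The first shows the
# exposure condition; the second applies the 'no ip http server' workaround.
VULNERABLE_CONFIG = """\
hostname edge-rtr1
!
username admin privilege 15 password 0 example
!
ip http server
ip http authentication local
!
line vty 0 4
 login local
"""

FIXED_CONFIG = """\
hostname edge-rtr1
!
no ip http server
!
line vty 0 4
 login local
"""


def http_exposure_findings(config: str) -> List[str]:
    """Return findings when the HTTP server is enabled without AAA/TACACS+
    authentication. Only 'local' is the mode named in the advisory; flagging
    an unset or other non-AAA mode as well is an assumption for review."""
    lines = [line.strip() for line in config.splitlines()]
    http_on = "ip http server" in lines
    auth = "unset"
    for line in lines:
        m = re.match(r"ip http authentication (\S+)$", line)
        if m:
            auth = m.group(1)
    findings: List[str] = []
    if http_on and auth not in ("aaa", "tacacs"):
        findings.append(f"HTTP server enabled with '{auth}' authentication; "
                        "apply 'no ip http server' or move to TACACS+/RADIUS via AAA")
    return findings


# Request-path pattern from the description: /level/$NUMBER/exec/ with 16..99.
LEVEL_EXEC = re.compile(r"/level/(\d{1,3})/exec(/|$)")


def is_level_bypass_request(path: str) -> bool:
    """True if a request path matches the privilege-level exec form with
    $NUMBER in the 16..99 range; use to flag probe attempts in HTTP/IDS logs."""
    m = LEVEL_EXEC.search(path)
    return bool(m) and 16 <= int(m.group(1)) <= 99
```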
Related URL CVE-2001-0537 (CVE)
Related URL 2936 (SecurityFocus)
Related URL (ISS)