Reported June 27, 2001, by Cisco Systems.
VERSIONS AFFECTED
All Cisco Products using the Internetwork Operating System release 11.3 or later, including (but not limited to):
-
800, 1000, 1005, 1400, 1600, 1700, 2500, 2600, 3600, MC3810, 4000, 4500, 4700, 6200, 6400 NRP, 6400 NSP series Cisco routers
-
ubr900 and ubr920 universal broadband routers
-
Catalyst 2900 ATM, 2900XL, 2948g, 3500XL, 4232, 4840g, 5000 RSFC series switches
-
5200, 5300, 5800 series access servers
-
Catalyst 6000 MSM, 6000 Hybrid Mode, 6000 Native Mode, 6000 Supervisor Module, Catalyst ATM Blade
-
RSM, 7000, 7010, 7100, 7200, ubr7200, 7500, 10000 ESR, and 12000 GSR series Cisco routers
-
DistributedDirector
-
Catalyst 8510CSR, 8510MSR, 8540CSR, 8540MSR series switches
DESCRIPTION
A
vulnerability exists in Cisco’s Internetwork Operating System HTTP server that
lets an unauthorized user bypass authentication and exercise complete control
over the device by sending a crafted URL. An attacker can exploit this
vulnerability only by using a local database for authentication (with usernames
and passwords being defined on the device itself). Although using the same URL
would not be effective against every Cisco Internet Operating System software
and hardware combination, 84 different combinations are possible.
VENDOR RESPONSE
Cisco has issued a notice regarding this vulnerability. To work around this problem, users can disable the HTTP server on the router, or use another authentication method (e.g., RADIUS). The company recommends that users obtain a firmware upgrade through the Software Center on Cisco's Web site or through Cisco's distribution channels.
CREDIT
Discovered by Cisco Systems.
