Overview
A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to force affected switches and routers to crash and reboot.
Description
To exploit this vulnerability, the IOS HTTP interface must be enabled and the attacker must transmit a request for "http://router-ip/anytext?/". Upon sending the request, the attacker will be asked for the device's "enable" password. If the password prompt is successfully answered, the software becomes trapped in a loop until a two-minute watchdog timer expires, causing the device to restart. |
Impact
An attacker can force affected products to reboot, resulting in a denial-of-service while the device is restarting. In some situations, the device may not restart properly without manual intervention such as a power cycle. |
Solution
Apply a patch from Cisco Cisco has provided patches for affected versions of the IOS software. For further details, please consult the vendor section of this document. |
Choose appropriate passwords
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
- http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
- http://www.core-sdi.com/advisories/cisco_ios_web_adm.htm
- http://www.securityfocus.com/bid/1838
- http://xforce.iss.net/static/5412.php
- http://www.cert.org/security-improvement/practices/p069.html
Acknowledgements
The CERT/CC thanks CORE SDI for discovering this vulnerability and Cisco for the information contained in their advisory.
The CERT/CC portions of this document were written by Jeffrey P. Lanza based on information from the Cisco advisory.
Other Information
| CVE IDs: | CVE-2000-0984 |
| Severity Metric: | 0.90 |
| Date Public: | 2000-10-25 |
| Date First Published: | 2000-11-08 |
| Date Last Updated: | 2004-03-30 19:43 UTC |
| Document Revision: | 38 |