|
Bugtraq
mailing list archives
Re: Advisory def-2000-02: Cisco Catalyst remote command execution
From: Andrew Frith <AndrewF () GATEWAY BM>
Date: Thu, 26 Oct 2000 17:35:10 -0300
I was unable to reproduce this on a 2924-XL running version 11.2(8.2)SA6. Entering that URL in a web browser prompts
for a password. It will only execute once the enable password has been entered.
Olle Segerdahl <Olle.Segerdahl () DEFCOM-SEC COM> 10/26/00 05:51AM >>>
----------------------=[Detailed Description]=------------------------
Cisco Catalyst 3500 XL series switches have a webserver configuration
interface. This interface lets any anonymous web user execute any
command without supplying any authentication credentials by simply
requesting the /exec location from the webserver. An example follows:
http://catalyst/exec/show/config/cr
This URL will show the configuration file, with all user passwords.
 By Date 
By Thread
Current thread:
| 
Intro
