[Snort-sigs] Snort-DB: Sid 1250

Mathieu Dessus mdessus at ...324...
Tue Feb 12 01:42:01 EST 2002


# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work.
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
#
# $Id$
#
#

Rule: WEB-MISC Cisco IOS HTTP configuration attempt


--
Sid: 1250

--
Summary: Attempt to gain administrative privileges on a Cisco.

--
Impact: An attacker may take the full control of your Cisco router or
crash it.

--
Detailed Information: By accessing the web server of your vulnerable
Cisco router with a specially crafted URL, it is possible to gain full
administrative access. With certain URL, this may also crash the router.

--
Attack Scenarios: An URL of a such type:
http://ciscoaddress/level/90/exec/ with the number tha may vary form
16 to 99, and the URL may continue with an IOS command.

--
Ease of Attack: Easy (if the attacker does not crash the router).

--
False Positives:

--
False Negatives:

--
Corrective Action: Upgrade your IOS version.

--
Contributors:

-- Additional References:



---------------------------------------------------------------------
  Mathieu Dessus                                 R&D CF6  Telindus
      mdessus at ...357...                   http://www.telindus.fr/





More information about the Snort-sigs mailing list