[Snort-sigs] Snort-DB: Sid 1250

g.coochey at ...138... g.coochey at ...138...
Tue Feb 12 02:27:01 EST 2002


> # This is a template for submitting snort signature descriptions to
> # the snort.org website
> #
> # Ensure that your descriptions are your own
> # and not the work of others.  References in the rules themselves
> # should be used for linking to other's work.
> #
> # If you are unsure of some part of a rule, use that as a commentary
> # and someone else perhaps will be able to fix it.
> #
> # $Id$
> #
> #
> 
> Rule: WEB-MISC Cisco IOS HTTP configuration attempt
> 
> 
> --
> Sid: 1250
> 
> --
> Summary: Attempt to gain administrative privileges on a Cisco.
> 
> --
> Impact: An attacker may take the full control of your Cisco router or
> crash it.
> 
> --
> Detailed Information: By accessing the web server of your vulnerable
> Cisco router with a specially crafted URL, it is possible to gain full
> administrative access. With certain URL, this may also crash the router.
> 
> --
> Attack Scenarios: An URL of a such type:
> <a href="/bti/redirect.html?http://ciscoaddress/level/90/exec/" target="newLink">http://ciscoaddress/level/90/exec/</a> with the number tha may vary form
> 16 to 99, and the URL may continue with an IOS command.
> 
> --
> Ease of Attack: Easy (if the attacker does not crash the router).
> 
> --
> False Positives:
> 
> --
> False Negatives:
> 
> --
> Corrective Action: Upgrade your IOS version.
> 

or disable http configuration access on your router with the global configuration command: "no ip http server".


> --
> Contributors:
> 
> -- Additional References:
> 
> 
> 
> ---------------------------------------------------------------------
>   Mathieu Dessus                                 R&D CF6  Telindus
>       mdessus at ...357...                   <a href="/bti/redirect.html?http://www.telindus.fr/" target="newLink">http://www.telindus.fr/</a>
> 
> 
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs





More information about the Snort-sigs mailing list