Cisco Catalyst 3500 XL Remote Arbitrary Command Execution Vulnerability
BID:1846
Info
| Bugtraq ID: | 1846 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 26 2000 12:00AM |
| Updated: | Oct 26 2000 12:00AM |
| Credit: | Discovered and posted to Bugtraq by Olle Segerdahl <[email protected]> on Oct 26, 2000. |
| Vulnerable: | Cisco Catalyst 3500 XL |
| Not Vulnerable: | |
Discussion
A vulnerability exists in the web server configuration interface that allows an anonymous user to execute commands. An HTTP request that includes /exec and a known filename will reveal the contents of that file. In addition to disclosing the contents of files, this vulnerability could allow a user to execute arbitrary code.
Exploit / POC
There is no exploit required to exploit this vulnerability. The following proof-of-concept exploit has been released:
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Cisco Catalyst 3500 Product Homepage (Cisco Systems)