Cisco 600 Series Web Administration Denial of Service Vulnerability
BID:2012
Info
Cisco 600 Series Web Administration Denial of Service Vulnerability
| Bugtraq ID: | 2012 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 28 2000 12:00AM |
| Updated: | Nov 28 2000 12:00AM |
| Credit: | This vulnerability was first reported to Bugtraq on November 28, 2000 by CDI <[email protected]> |
| Vulnerable: |
Cisco CBOS 2.3.8 Cisco CBOS 2.3.7 Cisco CBOS 2.3.5 Cisco CBOS 2.3.2 Cisco CBOS 2.3 Cisco CBOS 2.2.1 a Cisco CBOS 2.2.1 Cisco CBOS 2.2 Cisco CBOS 2.1 a Cisco CBOS 2.1 Cisco CBOS 2.0.1 |
| Not Vulnerable: |
Cisco CBOS 2.4.1 Cisco CBOS 2.3.9 Cisco CBOS 2.3.7 .002 Cisco CBOS 2.3.5 .015 |
Discussion
Cisco 600 Series Web Administration Denial of Service Vulnerability
The Cisco 600 series DSL Router is a popular DSL router in wide use and distributed to major telco's for their SOHO clients.
A vulnerability exists in the CBOS firmware used by the Cisco 600 series DSL Routers. It may allow a remote attacker to initiate a Denial of Service attack against the router requiring it to be power cycled in order to resume normal operation.
If the Cisco 600 series DSL Router has the Web Administration Interface enabled, a remote attacker could telnet to the router and issue a simple malformed HTTP GET request. Once connected via telnet to the Web Administration Interface, issuing the command GET ? \n \n will crash the telnet session as well as the router, requiring it be power cycled before resuming normal operation.
It has been discovered that this vulnerability is being exploited through the 'Code Red' worm.
The Cisco 600 series DSL Router is a popular DSL router in wide use and distributed to major telco's for their SOHO clients.
A vulnerability exists in the CBOS firmware used by the Cisco 600 series DSL Routers. It may allow a remote attacker to initiate a Denial of Service attack against the router requiring it to be power cycled in order to resume normal operation.
If the Cisco 600 series DSL Router has the Web Administration Interface enabled, a remote attacker could telnet to the router and issue a simple malformed HTTP GET request. Once connected via telnet to the Web Administration Interface, issuing the command GET ? \n \n will crash the telnet session as well as the router, requiring it be power cycled before resuming normal operation.
It has been discovered that this vulnerability is being exploited through the 'Code Red' worm.
Exploit / POC
Cisco 600 Series Web Administration Denial of Service Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Cisco 600 Series Web Administration Denial of Service Vulnerability
Solution:
Cisco has released an advisory regarding the impact of the 'Code Red' worm on it's products. Please see the reference section for complete details.
Cisco has released CBOS updates for this issue. Please see the following URL for information on how to download the updates, or contact Cisco Technical Assistance Center <[email protected]> to obtain the updates:
http://www.qwest.com/dsl/customerservice/modemsupport.html
Solution:
Cisco has released an advisory regarding the impact of the 'Code Red' worm on it's products. Please see the reference section for complete details.
Cisco has released CBOS updates for this issue. Please see the following URL for information on how to download the updates, or contact Cisco Technical Assistance Center <[email protected]> to obtain the updates:
http://www.qwest.com/dsl/customerservice/modemsupport.html