Title: Cisco Catalyst remote command execution
Released by: Defcom Labs
Date: 26th October 2000
======================================================================

                   Defcom Labs Advisory def-2000-02

               Cisco Catalyst remote command execution

Author: Olle Segerdahl
Release Date: 2000-10-26

======================================================================

------------------------=[Brief Description]=-------------------------

The Catalyst 3500 XL series switches' web configuration interface lets
any user execute any command on the system without logging in.

This issue was extremely easy to find, as Cisco provides a link to it
from the first page of the web configuration service. This is one of
the reasons I have decided to go public with the issue so soon.



------------------------=[Affected Systems]=--------------------------

Cisco Catalyst 3500 XL series switches
Probably all Catalyst switches using the same or similar software.



----------------------=[Detailed Description]=------------------------

Cisco Catalyst 3500 XL series switches have a webserver configuration
interface. This interface lets any anonymous web user execute any
command without supplying any authentication credentials by simply
requesting the /exec location from the webserver. An example follows:

http://catalyst/exec/show/config/cr

This URL will show the configuration file, with all user passwords.



---------------------------=[Workaround]=-----------------------------

Disable the web configuration interface completely. Await software fix.

Refer to your vendor's documentation for information on how to
configure the switch to disable the web configuration interface.
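
To check whether the /exec location described above has already been
served without credentials, the following added example (not part of
the Defcom advisory) scans web proxy or gateway logs. It assumes the
logs are in Common Log Format; the function names and the sample log
lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident authuser [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def normalise_path(target):
    """Reduce a request target to a comparable lower-case path."""
    # Proxy logs often record the absolute URL; strip scheme and host.
    path = re.sub(r'^[a-z][a-z0-9+.-]*://[^/]*', '', target, flags=re.I)
    path = unquote(path.split('?', 1)[0])      # drop query string, decode %xx
    return re.sub(r'/+', '/', path).lower()    # collapse repeated slashes

def find_unauthenticated_exec(lines):
    """Return (source, timestamp, path) for /exec requests that were served
    successfully (2xx) with no authenticated user recorded ("-")."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                            # not a CLF line, skip it
        path = normalise_path(m['target'])
        if path != '/exec' and not path.startswith('/exec/'):
            continue
        if m['user'] == '-' and m['status'].startswith('2'):
            hits.append((m['src'], m['ts'], path))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Oct/2000:10:01:02 +0000] "GET /exec/show/config/cr HTTP/1.0" 200 4312',
    '192.0.2.11 - admin [26/Oct/2000:10:02:10 +0000] "GET /exec/show/config/cr HTTP/1.0" 200 4312',
    '192.0.2.12 - - [26/Oct/2000:10:03:44 +0000] "GET /exec/show/config/cr HTTP/1.0" 401 0',
    '192.0.2.13 - - [26/Oct/2000:10:04:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.14 - - [26/Oct/2000:10:05:30 +0000] "GET http://catalyst/exec/show/config/cr HTTP/1.0" 200 4312',
]

if __name__ == '__main__':
    for src, ts, path in find_unauthenticated_exec(SAMPLE_LOG):
        print(f'ALERT {ts} {src} unauthenticated {path}')
```

Requests answered with 401, or logged with a user name, are not
reported; only successful responses with no recorded user are.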



--------------------------=[Vendor Status]=---------------------------

Vendor was notified on 2000-10-10.
I was denied any information about what other products might have the
same problems and have not heard anything from Cisco since....

Expect a software fix release from Cisco soon.



======================================================================

            This release was brought to you by Defcom Labs

              labs@defcom.com             www.defcom.com

======================================================================







