ID CVE-2000-0945
Summary The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
References
Vulnerable Configurations
  • Cisco Catalyst 3500 XL
    cpe:2.3:h:cisco:catalyst_3500_xl
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Cisco Catalyst 3500 XL Remote Arbitrary Command Execution Vulnerability. CVE-2000-0945. Remote exploit for hardware platform
id EDB-ID:20330
last seen 2016-02-02
modified 2000-10-26
published 2000-10-26
reporter blackangels
source https://www.exploit-db.com/download/20330/
title Cisco Catalyst 3500 XL Remote Arbitrary Command Execution Vulnerability
metasploit via4
description This module gathers data from a Cisco device (router or switch) with the device manager web interface exposed. The HttpUsername and HttpPassword options can be used to specify authentication.
id MSF:AUXILIARY/SCANNER/HTTP/CISCO_DEVICE_MANAGER
last seen 2019-03-12
modified 2018-10-16
published 2010-12-11
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/cisco_device_manager.rb
title Cisco Device HTTP Device Manager Access
nessus via4
NASL family CISCO
NASL id CISCO_CATALYST.NASL
description The remote device appears to be a Cisco Catalyst. It is possible to execute arbitrary commands on the router by requesting them via HTTP, as in : /exec/show/config/cr This command shows the configuration file, which contains passwords. A remote attacker could use this flaw to take control of the router.
last seen 2019-02-21
modified 2018-11-15
plugin id 10545
published 2000-11-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10545
title Cisco Catalyst Web Interface Remote Command Execution
refmap via4
bid 1846
bugtraq
  • 20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
  • 20001113 Re: 3500XL
osvdb 444
xf cisco-catalyst-remote-commands(5415)
saint via4
bid 1846
description Cisco IOS HTTP exec path command execution
id net_cisco_webcmd
osvdb 444
title cisco_ios_http_exec
type remote
Last major update 05-09-2008 - 16:22
Published 19-12-2000 - 00:00
Last modified 09-10-2017 - 21:29
Back to Top