ID CVE-2000-0945
Summary The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
References
Vulnerable Configurations
  • cpe:2.3:h:cisco:catalyst_3500_xl:*:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:catalyst_3500_xl:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 1846
bugtraq
  • 20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
  • 20001113 Re: 3500XL
osvdb 444
xf cisco-catalyst-remote-commands(5415)
saint via4
bid 1846
description Cisco IOS HTTP exec path command execution
id net_cisco_webcmd
osvdb 444
title cisco_ios_http_exec
type remote
Last major update 10-10-2017 - 01:29
Published 19-12-2000 - 05:00
Last modified 10-10-2017 - 01:29
Back to Top