SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Router/Bridge/Hub)  >  Cisco IOS Vendors:  Cisco
Cisco IOS HTTP Server Input Validation Hole in Buffers Command Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1015275
SecurityTracker URL:  http://securitytracker.com/id?1015275
CVE Reference:  CVE-2005-3921   (Links to External Site)
Updated:  Oct 23 2009
Original Entry Date:  Nov 28 2005
Impact:  Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes   Vendor Confirmed:  Yes  
Advisory:  Cisco Security Advisory
Version(s): Tested on 12.0(2a)
Description:  Hugo Vazquez Carames reported a vulnerability in Cisco IOS in the HTTP server. A remote user can conduct cross-site scripting attacks.

The web-based '/level/15/exec/-/show/buffers' function does not properly filter HTML code from user-affected inputs before displaying the input. The 'dump' and 'packet' options are vulnerable.

A remote user can send a packet containing specially crafted HTML code to or though the target router. Then, when a target administrator uses the web-based buffers function to view system memory, the HTML code will be executed by the target administrator's browser. The code will originate from the router's web interface and will run in the security context of that interface. As a result, the code will be able to access data recently submitted by the target administrator via web form to the interface or take actions on the interface acting as the target administrator.

Cisco has assigned Cisco Bug ID CSCsc64976 to this vulnerability.

The original advisory is available at:

http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/c isco/index.html

Hugo Vazquez Carames, iDefense, and Adrian Pastor (ProCheckup Ltd) reported this vulnerability.
Impact:  A remote user can access data recently submitted by the target administrator via web form to the web interface or take actions on the web interface acting as the target administrator.
Solution:  No solution was available at the time of this entry.

The vendor issued an advisory confirming the vulnerability and providing some workarounds, available at:

http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml (Links to External Site)
Cause:  Input validation error
Reported By:  Hugo Vazquez Carames <hugo@infohacking.com>
Message History:   None.

 Source Message Contents
Date:  Mon, 28 Nov 2005 04:22:09 +0100
From:  Hugo =?iso-8859-15?q?V=E1zquez_Caram=E9s?= <hugo@infohacking.com>
Subject:  IOS HTTP Server code injection/execution

 
Maybe of your interest:
 
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html
 
-- "¡Triste época la nuestra! Es más fácil desintegrar un átomo que un prejuicio." 
Albert Einstein "Que dos y dos sean necesariamente cuatro, es una opinión que muchos 
compartimos. Pero si alguien sinceramente piensa otra cosa, que lo diga. Aquí no nos 
asombramos de nada." Antonio Machado


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC