SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco IOS Vendors:   Cisco
Cisco IOS HTTP Server Input Validation Hole in Buffers Command Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1015275
SecurityTracker URL:  http://securitytracker.com/id/1015275
CVE Reference:   CVE-2005-3921   (Links to External Site)
Updated:  Oct 23 2009
Original Entry Date:  Nov 28 2005
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Tested on 12.0(2a)
Description:   Hugo Vazquez Carames reported a vulnerability in Cisco IOS in the HTTP server. A remote user can conduct cross-site scripting attacks.

The web-based '/level/15/exec/-/show/buffers' function does not properly filter HTML code from user-affected inputs before displaying the input. The 'dump' and 'packet' options are vulnerable.

A remote user can send a packet containing specially crafted HTML code to or though the target router. Then, when a target administrator uses the web-based buffers function to view system memory, the HTML code will be executed by the target administrator's browser. The code will originate from the router's web interface and will run in the security context of that interface. As a result, the code will be able to access data recently submitted by the target administrator via web form to the interface or take actions on the interface acting as the target administrator.

Cisco has assigned Cisco Bug ID CSCsc64976 to this vulnerability.

The original advisory is available at:

http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html

Hugo Vazquez Carames, iDefense, and Adrian Pastor (ProCheckup Ltd) reported this vulnerability.

Impact:   A remote user can access data recently submitted by the target administrator via web form to the web interface or take actions on the web interface acting as the target administrator.
Solution:   No solution was available at the time of this entry.

The vendor issued an advisory confirming the vulnerability and providing some workarounds, available at:

http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  IOS HTTP Server code injection/execution

Maybe of your interest:

http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html

asombramos de nada." Antonio Machado 
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC