From BUGTRAQ:

Subject: Advisory def-2000-02: Cisco Catalyst remote command execution

======================================================================
Defcom Labs Advisory def-2000-02

Cisco Catalyst remote command execution

Author: Olle Segerdahl <[EMAIL PROTECTED]>
Release Date: 2000-10-26
======================================================================

------------------------=[Brief Description]=-------------------------

The Catalyst 3500 XL series switches web configuration interface lets any user execute any command on the system without logging in.

This issue was extremely easy to find, as Cisco provides a link to it from the first page of the web configuration service. This is one of the reasons I have decided to go public with the issue so soon.

------------------------=[Affected Systems]=--------------------------

Cisco Catalyst 3500 XL series switches

Probably all Catalyst switches using the same or similar software.

----------------------=[Detailed Description]=------------------------

Cisco Catalyst 3500 XL series switches have a webserver configuration interface. This interface lets any anonymous web user execute any command without supplying any authentication credentials by simply requesting the /exec location from the webserver.

An example follows:

http://catalyst/exec/show/config/cr

This URL will show the configuration file, with all user passwords.

---------------------------=[Workaround]=-----------------------------

Disable the web configuration interface completely. Await software fix.

Refer to your vendor's documentation for information on how to configure the switch to disable the web configuration interface.

--------------------------=[Vendor Status]=---------------------------

Vendor was notified on 2000-10-10.

I was denied any information about what other products might have the same problems and have not heard anything from Cisco since...

Expect a software fix release from Cisco soon.
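The advisory gives one URL shape for the unauthenticated /exec handler; what a defender wants from that is a way to spot such requests in whatever HTTP logs exist around the management interface. The following is an added example written for this page, not code from the advisory or from Defcom Labs. It assumes the requests were recorded in Common Log Format by a proxy or sensor in front of the switch (the advisory does not say whether the switch itself logs HTTP requests), and the log lines are constructed samples. It generalises slightly beyond the advisory's example by normalising case and percent-encoding before matching, so that trivially obfuscated paths are still caught.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format; they are not real device logs.
# Assumption: a proxy or sensor in front of the management interface captured
# these requests (the advisory does not say the switch itself logs HTTP).
SAMPLE_LOG = """\
10.0.0.5 - - [26/Oct/2000:10:12:01 +0000] "GET / HTTP/1.0" 200 1203
10.0.0.5 - - [26/Oct/2000:10:12:07 +0000] "GET /exec/show/config/cr HTTP/1.0" 200 5410
10.0.0.9 - - [26/Oct/2000:10:13:44 +0000] "GET /exec/show/version/cr HTTP/1.0" 200 880
10.0.0.9 - - [26/Oct/2000:10:14:02 +0000] "GET /images/logo.gif HTTP/1.0" 200 2212
10.0.0.12 - - [26/Oct/2000:10:15:30 +0000] "GET /EXEC/%73how/config/cr HTTP/1.0" 200 5410
10.0.0.12 - - [26/Oct/2000:10:15:31 +0000] "GET /execute/foo HTTP/1.0" 404 210
"""

# Common Log Format: client ident user [timestamp] "method target proto" status size
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def normalize_path(target):
    """Strip any query string, percent-decode and lower-case the request path."""
    path = target.split('?', 1)[0]
    # Decode twice so one level of double-encoding (%2573 -> %73 -> s) is undone.
    return unquote(unquote(path)).lower()


def exec_command(path):
    """Return the command carried by an /exec path, or None if the path is not one.

    '/exec/show/config/cr' -> 'show config'. The trailing 'cr' segment in the
    advisory's URL stands for the carriage return that ends the command line
    and is dropped. A bare '/exec' yields '' so that it is still reported.
    """
    parts = [p for p in path.split('/') if p]
    if not parts or parts[0] != 'exec':
        return None
    words = parts[1:]
    if words and words[-1] == 'cr':
        words = words[:-1]
    return ' '.join(words)


def find_exec_requests(log_text):
    """Return one finding per request that reached the unauthenticated /exec handler."""
    findings = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than fail on junk
        cmd = exec_command(normalize_path(m.group('target')))
        if cmd is None:
            continue
        findings.append({
            'client': m.group('client'),
            'timestamp': m.group('ts'),
            'command': cmd,
            'status': int(m.group('status')),
            # A 200 on 'show config' means the configuration, passwords included, was served.
            'config_exposed': m.group('status') == '200' and cmd.startswith('show config'),
        })
    return findings


if __name__ == '__main__':
    for f in find_exec_requests(SAMPLE_LOG):
        flag = ' [CONFIG EXPOSED]' if f['config_exposed'] else ''
        print(f"{f['timestamp']} {f['client']} ran '{f['command']}' -> {f['status']}{flag}")
```

Any hit at all is significant here, since the handler requires no login; the `config_exposed` flag only singles out the requests after which credentials in the running configuration should be treated as compromised.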
======================================================================
This release was brought to you by Defcom Labs

[EMAIL PROTECTED] www.defcom.com
======================================================================

--
Jay Hennigan - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]