Vigil@nce: Cisco 871, command execution
September 2008 by Vigil@nce
An attacker can create a web page creating a Cross Site Request
Forgery attack in order to execute commands with privileges of the
victim connected to the administrative interface of the Cisco
Router 871.
– Gravity: 2/4
– Consequences: administrator access/rights, privileged access/rights
– Provenance: document
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 18/09/2008
– Identifier: VIGILANCE-VUL-8117
IMPACTED PRODUCTS
– Cisco IOS [confidential versions]
– Cisco Router [confidential versions]
DESCRIPTION
The Cisco 871 router can be administered via a web interface. An
authentication is requested.
As long as the administrator is authenticated, he can browse
external web sites containing urls like:
http://router/level/15/exec/- ...
However, when these urls are displayed, with the help of a
JavaScript code to post a form, the associated commands are
executed.
An attacker can therefore invite the victim to see a web site in
order to automatically change the configuration of the router.
CHARACTERISTICS
– Identifiers: BID-31218, VIGILANCE-VUL-8117
– Url: https://vigilance.aql.fr/tree/1/8117