Cisco.IOS.HTTP.Command.Execution
Description
It indicates an attempt to exploit a vulnerability in Cisco IOS device administration.
There exists a vulnerability in Cisco IOS devices that can be exploited by sending a carefully-constructed URL. By doing this a remote attacker can execute arbitrary commands when the HTTP server is enabled and local authorization is used.
Affected Products
Any Cisco IOS 11.3 to 12.2 (except 10.3, 11.0, 11.1, and 11.2) using local authentication databases, with the HTTP server enabled, is vulnerable to the attack.
Impact
Attackers can execute arbitrary commands on the victim device.
Recommended Actions
Upgrade IOS to non-vulnerable releases.
Disable the HTTP server.
Enable TACACS+ or radius authentication.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-02-15 | 14.554 |