Cisco.IOS.HTTP.Remote.Command.Execution
Description
This indicates an attempt to exploit a Remote Command Execution vulnerability in Cisco IOS device administration.
There exists a vulnerability in Cisco IOS devices that can be exploited by sending a carefully-constructed URL. By doing this a remote attacker can execute arbitrary commands when the HTTP server is enabled and local authorization is used.
Affected Products
Any Cisco IOS 11.3 to 12.2 (except 10.3, 11.0, 11.1, and 11.2) using local authentication databases, with the HTTP server enabled, is vulnerable to the attack.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade IOS to non-vulnerable releases.
Disable the HTTP server.
Enable TACACS+ or radius authentication.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-02-15 | 14.554 | Sig Added |