Signature Detail

Short Name	HTTP:CISCO:SCANNER-PROBE
Severity	Critical
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Cisco Scanner Probe
Release Date	2006/03/09
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Cisco Scanner Probe

This signature detects connections by the "Cisco Scanner" exploitation tool that searches for Cisco routers' HTTP administration interfaces and attempts to exploit them. Numerous vulnerabilities in the HTTP interface allow remote attackers complete control of the router.

Extended Description

IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. It is possible to gain full remote administrative access on devices using affected releases of IOS. By using a URL of http://router.address/level/$NUMBER/exec/.... where $NUMBER is an integer between 16 and 99, it is possible for a remote user to gain full administrative access. This problem makes it possible for a remote user to gain full administrative privileges, which may lead to further compromise of the network or result in a denial of service.

Affected Products

Cisco IOS 11.3
Cisco IOS 11.3AA
Cisco IOS 11.3DA
Cisco IOS 11.3DB
Cisco IOS 11.3HA
Cisco IOS 11.3MA
Cisco IOS 11.3NA
Cisco IOS 11.3T
Cisco IOS 11.3XA
Cisco IOS 12.0
Cisco IOS 12.0(10)W5(18G)
Cisco IOS 12.0(14)W5(20)
Cisco IOS 12.0(5)XK
Cisco IOS 12.0(7)XK
Cisco IOS 12.0DA
Cisco IOS 12.0DB
Cisco IOS 12.0DC
Cisco IOS 12.0S
Cisco IOS 12.0SC
Cisco IOS 12.0SL
Cisco IOS 12.0ST
Cisco IOS 12.0T
Cisco IOS 12.0WC
Cisco IOS 12.0WT
Cisco IOS 12.0XA
Cisco IOS 12.0XB
Cisco IOS 12.0XC
Cisco IOS 12.0XD
Cisco IOS 12.0XE
Cisco IOS 12.0XF
Cisco IOS 12.0XG
Cisco IOS 12.0XH
Cisco IOS 12.0XI
Cisco IOS 12.0XJ
Cisco IOS 12.0XL
Cisco IOS 12.0XM
Cisco IOS 12.0XN
Cisco IOS 12.0XP
Cisco IOS 12.0XQ
Cisco IOS 12.0XR
Cisco IOS 12.0XS
Cisco IOS 12.0XU
Cisco IOS 12.0XV
Cisco IOS 12.1
Cisco IOS 12.1AA
Cisco IOS 12.1CX
Cisco IOS 12.1DA
Cisco IOS 12.1DB
Cisco IOS 12.1DC
Cisco IOS 12.1E
Cisco IOS 12.1EC
Cisco IOS 12.1EX
Cisco IOS 12.1EY
Cisco IOS 12.1EZ
Cisco IOS 12.1T
Cisco IOS 12.1XA
Cisco IOS 12.1XB
Cisco IOS 12.1XC
Cisco IOS 12.1XD
Cisco IOS 12.1XE
Cisco IOS 12.1XF
Cisco IOS 12.1XG
Cisco IOS 12.1XH
Cisco IOS 12.1XI
Cisco IOS 12.1XJ
Cisco IOS 12.1XK
Cisco IOS 12.1XL
Cisco IOS 12.1XM
Cisco IOS 12.1XP
Cisco IOS 12.1XQ
Cisco IOS 12.1XR
Cisco IOS 12.1XS
Cisco IOS 12.1XT
Cisco IOS 12.1XU
Cisco IOS 12.1XV
Cisco IOS 12.1XW
Cisco IOS 12.1XX
Cisco IOS 12.1XY
Cisco IOS 12.1XZ
Cisco IOS 12.1YA
Cisco IOS 12.1YB
Cisco IOS 12.1YC
Cisco IOS 12.1YD
Cisco IOS 12.1YF
Cisco IOS 12.2
Cisco IOS 12.2T
Cisco IOS 12.2XA
Cisco IOS 12.2XD
Cisco IOS 12.2XE
Cisco IOS 12.2XH
Cisco IOS 12.2XQ

References

BugTraq: 2936
CERT: CA-2001-14
CVE: CVE-2001-0537
URL: http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Cisco Scanner Probe

Extended Description

Affected Products

References