CVE-2000-0945
Published: 2000-12-19
Priority: P357 · critical · CVSS 2.0: 10 · AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT · EPSS: 72.58% (99.4th percentile)
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
Detection & IOCs (extracted from sources)
- Alert on any unauthenticated HTTP GET request containing the path prefix '/exec/' directed at Cisco Catalyst 3500 XL web management interface (TCP/80). This is the core exploitation pattern for CVE-2000-0945.
- The vulnerability is only exploitable when the enable password is NOT set on the device. Audit Cisco Catalyst 3500 XL devices for missing enable passwords as a prerequisite detection/hardening check.
- Monitor HTTP access logs on Cisco device management interfaces for GET requests matching the pattern '/exec/' from unauthenticated or anonymous sources.
- The vulnerability only exists when the enable password is not configured on the Cisco Catalyst 3500 XL switch. If an enable password is set, the web interface requires authentication and the attack path is blocked.
- The Metasploit module for Cisco device manager supports optional HTTP authentication via HttpUsername and HttpPassword options, indicating that some device configurations may have credentials set which would prevent exploitation.
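The alerting logic from the list above, as an added example (not code from this page or from any of the cited sources). It assumes the access log comes from a proxy or sensor in front of the switch's web interface and is written in Common Log Format, where an authuser field of "-" means no credentials were sent; the sample lines and the "/exec/placeholder-command" path are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed format: host ident authuser [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def classify(line):
    """Return None for unrelated lines, else a finding for a GET under /exec/."""
    m = CLF.match(line)
    if not m or m["method"] != "GET":
        return None
    # Normalise percent-encoding and case before testing the path prefix.
    path = unquote(urlsplit(m["target"]).path).lower()
    if not path.startswith("/exec/"):
        return None
    if m["user"] != "-":
        verdict = "authenticated-exec"       # credentials were presented
    elif m["status"] == "200":
        verdict = "unauthenticated-exec"     # served without auth: enable password likely unset
    elif m["status"] == "401":
        verdict = "blocked-auth-required"    # device demanded credentials
    else:
        verdict = "unauthenticated-attempt"  # no credentials, other status
    return {"src": m["src"], "ts": m["ts"], "path": path, "verdict": verdict}

def scan(lines):
    """Classify every line and keep only the /exec/ findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [26/Oct/2000:10:01:02 +0000] "GET /exec/placeholder-command HTTP/1.0" 200 4312',
    '192.0.2.10 - - [26/Oct/2000:10:01:09 +0000] "GET /exec/placeholder-command HTTP/1.0" 401 0',
    '198.51.100.7 - admin [26/Oct/2000:10:02:30 +0000] "GET /exec/placeholder-command HTTP/1.0" 200 4312',
    '203.0.113.5 - - [26/Oct/2000:10:03:11 +0000] "GET /index.html HTTP/1.0" 200 812',
    '192.0.2.44 - - [26/Oct/2000:10:04:50 +0000] "GET /EXEC/placeholder-command HTTP/1.0" 200 4312',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An "unauthenticated-exec" finding is the one to page on, and the source device should then be audited for a missing enable password; "blocked-auth-required" shows an attempt against a device that demanded credentials.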
No detection rules found.
Exploit-DB
Cisco Catalyst 3500 XL - Arbitrary Command Execution
exploitdb·2000-10-26
---
source: https://www.securityfocus.com/bid/1846/info
A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. An HTTP request which includes /exec and a known filename will reveal the contents of the particular file. In addition to disclosing the contents of files, this vulnerability could allow a user to execute arbitrary code.
#!/usr/bin/perl
##
# Cisco Global Exploiter
#
# Legal notes :
# The BlackAngels staff refuse all responsibilities
# for an incorrect or illegal use of this software
# or for eventual damages to other systems.
#
# http://www.blackangels.it
##
##
# Modules
##
use Socket;
use IO::Socket;
##
# Main
##
$host = "";
$expvuln = "";
$host = @ARG
Metasploit
Cisco Device HTTP Device Manager Access
metasploit
This module gathers data from a Cisco device (router or switch) with the device manager web interface exposed. The HttpUsername and HttpPassword options can be used to specify authentication.
No writeups or analysis indexed.
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
- http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
- http://www.osvdb.org/444
- http://www.securityfocus.com/bid/1846
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5415