CVE-2000-0945
published 2000-12-19

Priority P357, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 72.58% (99.4th percentile)

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

Detection & IOCs (extracted from sources)

url: /exec/show/config/cr
path: /exec/
command: GET /exec/show/config/cr HTTP/1.0
command: GET /exec$k HTTP/1.0
  • Alert on any unauthenticated HTTP GET request containing the path prefix '/exec/' directed at the web management interface of a Cisco Catalyst 3500 XL (TCP/80). This is the core exploitation pattern for CVE-2000-0945.
  • The vulnerability is only exploitable when the enable password is NOT set on the device. Audit Cisco Catalyst 3500 XL devices for missing enable passwords as a prerequisite detection/hardening check.
  • Monitor HTTP access logs on Cisco device management interfaces for GET requests matching the pattern '/exec/' from unauthenticated or anonymous sources.
  • The vulnerability only exists when the enable password is not configured on the Cisco Catalyst 3500 XL switch. If an enable password is set, the web interface requires authentication and the attack path is blocked.
  • The Metasploit module for Cisco device manager supports optional HTTP authentication via HttpUsername and HttpPassword options, indicating that some device configurations may have credentials set which would prevent exploitation.
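
The log-monitoring check from the bullets above, as an added example (not from the original page or any vendor tooling). It assumes management traffic to the switch is recorded by a proxy or sensor in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) \S+'
)

def normalized_path(target):
    """Reduce a request target to one canonical path before matching.
    Whether the device accepts encoded or dot-segment forms is not stated
    on the page; folding them together is a conservative choice."""
    path = target.split('?', 1)[0]
    path = re.sub(r'^[a-z][a-z0-9+.-]*://[^/]*', '', path, flags=re.I)
    prev = None
    while prev != path:              # undo nested percent-encoding
        prev, path = path, unquote(path)
    path = re.sub(r'/+', '/', '/' + path.lower())
    return posixpath.normpath(path)  # resolves "." and ".." segments

def find_exec_requests(lines):
    """Return unauthenticated GET requests whose path is under /exec/."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        # authuser "-" means the request carried no HTTP credentials
        if not m or m['method'] != 'GET' or m['user'] != '-':
            continue
        path = normalized_path(m['target'])
        if path == '/exec' or path.startswith('/exec/'):
            # status is kept so an analyst can separate served from refused
            hits.append({'src': m['src'], 'path': path,
                         'status': int(m['status'])})
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Dec/2000:10:01:02 +0000] "GET /exec/show/config/cr HTTP/1.0" 200 4312',
    '198.51.100.7 - - [19/Dec/2000:10:01:09 +0000] "GET /%65xec/show/config/cr HTTP/1.0" 200 4312',
    '192.0.2.10 - admin [19/Dec/2000:10:02:00 +0000] "GET /exec/show/config/cr HTTP/1.0" 200 4312',
    '192.0.2.10 - - [19/Dec/2000:10:02:30 +0000] "GET /index.html HTTP/1.0" 200 1200',
    '198.51.100.9 - - [19/Dec/2000:10:03:00 +0000] "GET /executive.html HTTP/1.0" 404 0',
    '198.51.100.9 - - [19/Dec/2000:10:03:05 +0000] "GET /exec/show/config/cr HTTP/1.0" 401 0',
]

if __name__ == '__main__':
    for hit in find_exec_requests(SAMPLE_LOG):
        print(hit)
```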