18
2008
Cisco Cross-Site Request Forgery
An article by 
Cisco routers with the HTTP administration interface enabled are vulnerable to an CSRF (Cross-Site Request Forgery) vulnerability that can yield remote command execution with level 15 privileges.
An attacker can execute ANY command on the router with level 15 (root, same as enable) privileges (usually level 15 user by default) by getting a target user (administrator or etc) to view a web page that has the exploit embedded. The exploits can be modified to, on loading of the page with the exploits embedded, to execute both exec and configure commands on the Cisco router. These exploits have been tested on a Cisco 871 router running IOS 12.4 but are assumed to work universally on any router configured to use the HTTP interface.
These exploits have been tested in the following situations:
- Tab of Router HTTP Administration Interface is open somewhere on the browser.
- The session is still active @ Router HTTP Admin Interface.
- The browser used has the credentials saved (No prompts /w Safari).
- Nearly any situation where the target visits the page (But if not 1, 2, or 3 a prompt will usually pop up asking for credentials)
More info on http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html
Leave a comment
Archives
- February 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008