Results 1 to 2 of 2

Thread: Cisco IOS vulnerability exploit?

  1. #1
    Member
    Join Date
    Apr 2007
    Posts
    163

    Default Cisco IOS vulnerability exploit?

    Hey all,

    i am actually checking a cisco ios router and tried to exploit the http authorization vulnerability ( http://www.cisco.com/warp/public/707...tp-level.shtml ). The problem is that i don't get any response. i tried to simply do commands in the browser, so just start

    http://10.11.12.xxx/level/17/exec/something

    and also tried two more xploit codes listed here:

    http://www.securiteam.com/exploits/5UP031F4UQ.html

    but it didn't work. The "cisco global exploiter" says it is vulnerable on number 17. The router is just "swallowing" everything i send. i get no feedback, no error message, nothing. wireshark shows the input from my side, no output from the router (just quitting with ACK'S). The logs on the router don't show anything, even if i set the alert level higher.

    Google says nothing (at least i think i used the right keywords;-) , the forum says nothing. so any suggestions, help, whatsoever would be appreciated. Perhaps someone experienced the same issue.

    Greetings
    operator
    The answer is 42.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Is web management of the device even enabled? Do you get a web page when you visit: http://10.11.12.xxx ?

    The code you linked was from 2001 are you sure the device is actually vulnerable?

    Did you actually do any recon and check the IOS version #s?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •