SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#205225

Cisco Router Web Setup (CRWS) contains an insecure default IOS configuration

Overview

A vulnerability in the Cisco Router Web Setup (CRWS) web configuration tool on some Cisco 800 and SOHO series routers may allow remote execution of system-level commands with no authentication.

I. Description

Cisco Router Web Setup Tool

The Cisco Router Web Setup tool, or CRWS, provides a GUI for an administrator configuring a Cisco 800 or SOHO series router. The Cisco IOS HTTP server provides the user interface, and is enabled by default on these routers. The CRWS may be enabled by default on the public interface, therefore may be accessible via the Internet.

enable password / enable secret
These IOS commands set the administrator passwords on Cisco 800 and SOHO series routers.

The Problem
The configuration shipped with the CRWS application does not include an enable password or enable secret command. This default configuration may allow execution of commands through the web interface at privilege level 15 (the highest level available) without requiring any authentication credentials.

The following products are affected by this vulnerability:
Cisco 806, Cisco 826, Cisco 827, Cisco 827H, Cisco 827-4v, Cisco 828, Cisco 831, Cisco 836, Cisco 837, Cisco SOHO 71, Cisco SOHO 76, Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 91, Cisco SOHO 96, Cisco SOHO 97.

II. Impact

A remote, unauthenticated attacker may be able to run commands at privilege level 15 through the web interface.

III. Solution

Upgrade

Cisco has provided an upgrade to address this vulnerability. See Cisco Security Advisory cisco-sa-20060712-crws for more information.

Workarounds
Cisco has provided three workarounds for this vulnerability:

    1. Disable the Cisco IOS HTTP server.
    2. Configure a password manually.
    3. Enable authentication of requests to the HTTP Server by using a different authentication system.
Details on applying these workarounds can be found in the workarounds section of cisco-sa-20060712.

Systems Affected
VendorStatusDate NotifiedDate Updated
Cisco Systems, Inc.Vulnerable14-Jul-2006

References


http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml
http://secunia.com/advisories/21028/

Credit

This vulnerability was reported by Cisco Systems Product Security Incident Response Team.

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-07-12
Date First Published:2006-07-14
Date Last Updated:2006-07-14
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:46.50
Document Revision:23

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader