Vulnerability Note VU#683677

Cisco IOS software vulnerable to DoS via HTTP request containing "?/"

Original Release date: 08 Nov 2000 | Last revised: 30 Mar 2004

Overview

A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to force affected switches and routers to crash and reboot.

Description

To exploit this vulnerability, the IOS HTTP interface must be enabled and the attacker must transmit a request for "http://router-ip/anytext?/". Upon sending the request, the attacker will be asked for the device's "enable" password. If the password prompt is successfully answered, the software becomes trapped in a loop until a two-minute watchdog timer expires, causing the device to restart.

Impact

An attacker can force affected products to reboot, resulting in a denial-of-service while the device is restarting. In some situations, the device may not restart properly without manual intervention such as a power cycle.

Solution

Apply a patch from Cisco

Cisco has provided patches for affected versions of the IOS software. For further details, please consult the vendor section of this document.

Choose appropriate passwords


To exploit this vulnerability, an attacker must know the enable password for the affected router or switch. Therefore, devices with either an easily guessable password or no password at all are particularly vulnerable. For further information on choosing appropriate passwords, please consult the CERT Security Practice, "Configure computers for user authentication."

Disable the HTTP management interface

If it is not possible or practical to immediately patch an affected device, disable its HTTP management interface to prevent exploitation of this vulnerability.

Restrict access to the HTTP management interface

If it is not possible to disable the HTTP management interface, users should restrict outside networks from accessing it. For information on how to implement these restrictions, please consult the Cisco advisory at

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Cisco Systems Inc.Affected-09 Nov 2000
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

The CERT/CC thanks CORE SDI for discovering this vulnerability and Cisco for the information contained in their advisory.

The CERT/CC portions of this document were written by Jeffrey P. Lanza based on information from the Cisco advisory.

Other Information

  • CVE IDs: CVE-2000-0984
  • Date Public: 25 Oct 2000
  • Date First Published: 08 Nov 2000
  • Date Last Updated: 30 Mar 2004
  • Severity Metric: 0.90
  • Document Revision: 38

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.