A vulnerability in the Cisco Router Web Setup (CRWS) web configuration tool on some Cisco 800 and SOHO series routers may allow remote execution of system-level commands with no authentication.
Cisco Router Web Setup Tool
The Cisco Router Web Setup tool, or CRWS, provides a GUI for an administrator configuring a Cisco 800 or SOHO series router. The Cisco IOS HTTP server provides the user interface, and is enabled by default on these routers. The CRWS may be enabled by default on the public interface, therefore may be accessible via the Internet.
A remote, unauthenticated attacker may be able to run commands at privilege level 15 through the web interface.
This vulnerability was reported by Cisco Systems Product Security Incident Response Team.
This document was written by Ryan Giobbi.
|Date First Published:||2006-07-14|
|Date Last Updated:||2006-07-14 16:34 UTC|