Default Cisco Router Web Interface Setup Makes CISCO Routers Completely Vulnerable
By Angsuman Chakraborty, Gaea News Network
Thursday, July 13, 2006
Successful exploitation of this vulnerability may allow for the execution of commands on the device at any privilege level, up to and including privilege level 15. Accessing the device at privilege level 15 would enable total control of the device, including but not limited to device configuration changes and device reloading.
The Cisco Router Web Setup tool (CRWS) provides a Web interface that allows users to set up and configure Cisco SOHO and Cisco 800 series routers. The GUI is accessed through the Cisco IOS HTTP server, which is enabled in the default IOS configuration shipped with the CRWS application.
The Cisco IOS HTTP server uses the enable password (assuming one has been configured) as its default authentication mechanism. Other authentication mechanisms can be configured, including the use of a local user database, an external RADIUS (Remote Authentication Dial In User Service) or an external TACACS+ (Terminal Access Controller Access Control System) server. The default IOS configuration shipped with the CRWS application does not include an enable password or an enable secret command, allowing access to the Cisco IOS HTTP server interface at any privilege level, up to and including privilege level 15, without providing authentication credentials. Privilege level 15 is the highest privilege level on Cisco IOS devices.
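The condition described above can be checked offline against a saved configuration. The following is an added example, not Cisco's or the article's own code: a small Python audit that flags a configuration where the IOS HTTP server is on, the default enable-password authentication applies, and no enable password or enable secret exists. The function name and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: HTTP server on, no enable password/secret
# (written for this example, not copied from a real device).
SAMPLE_DEFAULT = """\
hostname Router
!
ip http server
!
line vty 0 4
 login
"""

# Constructed sample: HTTP server on, authenticated against the local user database.
SAMPLE_HARDENED = """\
hostname Router
enable secret 5 <hash-placeholder>
username admin privilege 15 secret 5 <hash-placeholder>
ip http server
ip http authentication local
"""

def audit_http_auth(config: str) -> list[str]:
    """Return findings for the unauthenticated HTTP server condition."""
    lines = [line.strip() for line in config.splitlines()]
    http_on = False
    for line in lines:  # a later command overrides an earlier one
        if line == "ip http server":
            http_on = True
        elif line == "no ip http server":
            http_on = False
    if not http_on:
        return []
    has_enable = any(re.match(r"enable (secret|password)\s+\S", l) for l in lines)
    auth = "enable"  # default mechanism, as the article states
    for line in lines:
        m = re.match(r"ip http authentication (\S+)", line)
        if m:
            auth = m.group(1)
    findings = []
    if auth == "enable" and not has_enable:
        findings.append("ip http server is enabled with enable-password "
                        "authentication, but no enable password/secret is set")
    return findings

if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_http_auth(cfg) or "no findings")
```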