Cisco 600 Series Router HTTP GET DoS (cisco-sa-20001204-cbos)

medium Nessus Plugin ID 10561

Synopsis

The remote router is prone to a denial of service attack.

Description

It was possible to lock the remote router by sending the following request :

GET ?

An attacker may use this flaw to lock this host, thus preventing your network from working properly.

Solution

Contact CISCO for a fix or add the following rule to your router :

set web disabled write reboot

See Also

http://www.nessus.org/u?5df5b1a5

https://seclists.org/bugtraq/2000/Nov/392

Plugin Details

Severity: Medium

ID: 10561

File Name: cisco_675_http_dos.nasl

Version: 1.33

Type: remote

Family: CISCO

Published: 11/29/2000

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:broadband_operating_system

Patch Publication Date: 12/4/2000

Vulnerability Publication Date: 11/28/2000

Reference Information

CVE: CVE-2001-0058