Vigil@nce: Cisco IOS, Cross Site Scripting of HTTP server
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger two Cross Site Scripting vulnerabilities
in the IOS HTTP server.
Gravity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 14/01/2009
IMPACTED PRODUCTS
– Cisco IOS
– Cisco Router
DESCRIPTION OF THE VULNERABILITY
The web administration service can be enabled in the IOS with the
"ip http server" command. It contains two vulnerabilities.
Special characters located in the URL are not escaped, which can
be used for a Cross Site Scripting attack. [grav:2/4; CSCsi13344]
Special characters located in parameters of the ping command are
not escaped, which can be used for a Cross Site Scripting attack.
[grav:2/4; CSCsr72301]
These vulnerabilities can, for example, be used by an attacker to
obtain information about the configuration.
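The escaping that both flaws lack, as an added C example (not Cisco's code and not part of the original bulletin). The function names, buffer sizes and the constructed input are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: HTML-escape src into dst (capacity cap, NUL included).
 * Returns the escaped length, or (size_t)-1 if dst is too small; on failure
 * dst is emptied so a half-written entity is never sent to the browser. */
size_t html_escape(char *dst, size_t cap, const char *src)
{
    size_t out = 0;
    if (cap == 0) return (size_t)-1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;          /* default: copy the byte unchanged */
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (n >= cap - out) {           /* need room for rep plus the NUL */
            dst[0] = '\0';
            return (size_t)-1;
        }
        memcpy(dst + out, rep, n);
        out += n;
    }
    dst[out] = '\0';
    return out;
}

/* Hypothetical page builder: reflects a request value (URL path or ping
 * parameter) into HTML only after escaping. Returns 0, or -1 on overflow. */
int render_echo(char *page, size_t cap, const char *label, const char *value)
{
    char safe[256];
    if (html_escape(safe, sizeof safe, value) == (size_t)-1)
        return -1;
    int n = snprintf(page, cap, "<html><body><p>%s: %s</p></body></html>",
                     label, safe);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char page[512];
    /* Constructed input: markup placed in the requested URL. */
    if (render_echo(page, sizeof page, "URL", "/<b>probe</b>") == 0) puts(page);
    return 0;
}
```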
CHARACTERISTICS
Identifiers: 98605, BID-33260, cisco-sr-20090114-http, CSCsi13344,
CSCsr72301, CVE-2008-3821, PR08-19, VIGILANCE-VUL-8392
http://vigilance.fr/vulnerability/Cisco-IOS-Cross-Site-Scripting-of-HTTP-server-8392