You are a security analyst performing a penetration tests for a company in the Midwest. After some initial
reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the
following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What have you
discovered?
A.
HTTP Configuration Arbitrary Administrative Access Vulnerability
B.
HTML Configuration Arbitrary Administrative Access Vulnerability
C.
Cisco IOS Arbitrary Administrative Access Online Vulnerability
D.
URL Obfuscation Arbitrary Administrative Access Vulnerability
Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
Available Exploits: Cisco IOS HTTP Unauthorized Administrative Access
IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. A problem with the Cisco firmware makes it possible for a remote user to gain elevated privileges. This vulnerability can be exploited by attackers to gain full administrative access on the affect device, allowing a remote user to reconfigure devices using the affected firmware.
The problem is in the ability of a user to access the HTTP configuration menu of a Cisco device. A remote user accessing:
http://router.address/level/$NUMBER/exec/….
(where $NUMBER is a number in the range of 16 to 99) bypasses all authentication checking. This leads to a remote user gaining a privilege level of 15, which in IOS software is full administrative access (also known as enable).
Source: https://www.rapid7.com/db/vulnerabilities/HTTP-CISCO-0002