Remote Command Execution Vulnerability in Catalyst 3500 XL Switches by Cisco
CVE-2000-0945

Currently unrated

Key Information:

Vendor: Cisco
Status: Catalyst 3500 Xl
Vendor: CVE Published:; 19 December 2000

Summary

The web configuration interface of the Catalyst 3500 XL switches is susceptible to remote command execution. This vulnerability arises when the enable password is not configured, allowing attackers to execute arbitrary commands through specially crafted URLs that contain the /exec/ directory. Without proper authentication safeguards, unauthorized users can access and manipulate switch settings, posing significant risks to network integrity and security.

References

http://www.osvdb.org/444

vdb-entryx_refsource_OSVDB

http://archives.neohapsis.com/archives/bugtraq/2000-11/01...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/5415

vdb-entryx_refsource_XF

EPSS Score

87% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 19, 2000
Vulnerability Reserved
Nov 24, 2000