Short Name | HTTP:CISCO:IOS-HTML-INJ |
---|---|
Severity | Minor |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | Cisco IOS HTTP Service HTML Injection Vulnerability |
Release Date | 2010/09/15 |
Update Number | 1773 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability against Cisco IOS HTTP Service. A successful attack can result in a denial-of-service condition.

Cisco IOS HTTP service is prone to an HTML-injection vulnerability. An attacker can submit malicious HTML and script code through the '/level/15/exec/-/buffers/assigned' and '/level/15/exec/-/buffers/all' scripts. This code may run in the browser of an administrator when they attempt to view the contents of memory buffers through the vulnerable scripts of the HTTP service.

IOS 11.0 through 12.4 are affected. IOS XR is not vulnerable. This issue is documented by Cisco Bug ID CSCsc64976.

NOTE: Since this is an HTML-injection vulnerability that targets users of the IOS web interface, devices with the HTTP service disabled are not affected.