Cisco IOS HTTP service is reportedly prone to an HTML injection vulnerability.

Reports indicate that an attacker can submit malicious HTML and script code through the '/level/15/exec/-/buffers/assigned' and /level/15/exec/-/buffers/all' scripts. This code may be executed in the browser of an administrator when they attempt to view the contents of memory buffers through the vulnerable scripts of the HTTP service.

This vulnerable has been reported to affect IOS 12.0(2a). It is likely that other versions are vulnerable as well.

An attacker can inject arbitrary code in some of the dynamically generated web pages. To succesfully exploit the vulnerability the attacker only needs to know the IP of the Cisco. THERE'S NO NEED TO HAVE ACCESS TO THE WEB SERVER! Once the code has been inyected, attacker must wait until the admin browses some of the affected web pages.