Cisco Switch

[SirDice]

Originally posted here by nebulus200
Bah! Don't do that! CLI and 'no ip http server', all the way... you know some of those switches are using IIS on the backend, right?

IIS? No ****?!? Are you sure?? Never saw one before and I've seen alot of switches.

But I do suggest checking if your IOS isn't vulnerable.
Check if you can see the config (without authentication) with the following URL:
http://myswitch/level/16/exec/show/config

If you get to see the config I suggest turning the http interface off as soon as possible. Anyone can change your config if this works.

Also see if you can run the Cisco Global Exploiter to make sure it's not vulnerable to some more tricks.

[nebulus200]

Originally posted here by SirDice
IIS? No ****?!? Are you sure?? Never saw one before and I've seen alot of switches.

But I do suggest checking if your IOS isn't vulnerable.
Check if you can see the config (without authentication) with the following URL:
http://myswitch/level/16/exec/show/config

If you get to see the config I suggest turning the http interface off as soon as possible. Anyone can change your config if this works.

Also see if you can run the Cisco Global Exploiter to make sure it's not vulnerable to some more tricks.

Hmmm...now that I am actually trying to find it, I can only find stuff related to their call center, unity server, and other similar products. I could have sworn that their earlier switches/routers had some kind of hacked up version of IIS...of course it wouldn't be the first time I was wrong.

/nebulus

[cheyenne1212]

Thanks for all your help guys, I think I got it figured out.

As far as a vulnerability, we're putting a firewall in front of ASAP.