Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
Cisco IOS HTTP service is reportedly prone to an HTML injection vulnerability that affects the Cisco Discovery Protocol (CDP) status page. An attacker can submit malicious HTML and script code through CDP packets to be run in the context of a logged-in administrator. The attacker can also run arbitrary commands on a vulnerable device. Successful exploits may allow the attacker to manipulate routing information, create accounts, and access all other functionality available to administrators. IOS 11.2(8.11)SA6 is vulnerable; other versions of IOS 11 are likely affected as well. This issue does not affect IOS 12.
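The following is an added example, not part of the original advisory and not Cisco's code: it parses a CDP payload, flags neighbor-supplied text fields that contain HTML metacharacters, and applies the output encoding a status page needs before rendering them. The advisory does not say which CDP field reaches the page, so checking the Device ID, Port ID, Software Version and Platform TLVs is an assumption, and the sample packet is constructed.

```python
import html
import struct

# Standard CDP TLV type codes for neighbor-supplied text.
# Assumption: the advisory does not name the field that is rendered.
TEXT_TLVS = {0x0001: "Device ID", 0x0003: "Port ID",
             0x0005: "Software Version", 0x0006: "Platform"}
HTML_META = set("<>\"'&")


def parse_cdp_text_tlvs(payload: bytes) -> dict:
    """Parse a CDP payload (starting at the version byte) into {name: text}."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    fields, off = {}, 4  # skip version (1), TTL (1), checksum (2)
    while off + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, off)
        # The length field covers the 4-byte TLV header as well as the value.
        if tlv_len < 4 or off + tlv_len > len(payload):
            raise ValueError("malformed TLV length")
        if tlv_type in TEXT_TLVS:
            value = payload[off + 4:off + tlv_len]
            fields[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        off += tlv_len
    return fields


def suspicious_fields(fields: dict) -> list:
    """Names of fields whose text contains HTML metacharacters."""
    return sorted(name for name, text in fields.items() if HTML_META & set(text))


def render_row(fields: dict) -> str:
    """Render neighbor data as a table row, encoding every untrusted value."""
    cells = "".join(f"<td>{html.escape(v, quote=True)}</td>" for v in fields.values())
    return f"<tr>{cells}</tr>"


def _tlv(tlv_type: int, text: str) -> bytes:
    data = text.encode("ascii")
    return struct.pack("!HH", tlv_type, len(data) + 4) + data


# Constructed sample: CDP v2, TTL 180, checksum zeroed (not validated here).
SAMPLE = (bytes([2, 180, 0, 0]) + _tlv(0x0001, "<i>lab-sw1</i>")
          + _tlv(0x0003, "FastEthernet0/1") + _tlv(0x0006, "cisco WS-C2924"))
```
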