Re: Advisory def-2000-02: Cisco Catalyst remote command execution

[Andrew Frith <AndrewF () GATEWAY BM>]

I was unable to reproduce this on a 2924-XL running version 11.2(8.2)SA6.  Entering that URL in a web browser prompts 
for a password.  It will only execute once the enable password has been entered.

> > > Olle Segerdahl <Olle.Segerdahl () DEFCOM-SEC COM> 10/26/00 05:51AM >>>
----------------------=[Detailed Description]=------------------------
Cisco Catalyst 3500 XL series switches have a webserver configuration
interface. This interface lets any anonymous web user execute any
command without supplying any authentication credentials by simply
requesting the /exec location from the webserver. An example follows:
http://catalyst/exec/show/config/cr 
This URL will show the configuration file, with all user passwords.