To determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. The default state of the HTTP Server feature in Cisco IOS XE Software is version dependent.įor information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory. These vulnerabilities affect Cisco devices if they are running a vulnerable release of Cisco IOS XE Software and have the HTTP server enabled. For a complete list of the advisories and links to them, see Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. This advisory is part of the September 24, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 34 vulnerabilities. This advisory is available at the following link: There are no workarounds that address these vulnerabilities. Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device.įor more information about these vulnerabilities, see the Details section of this advisory.Ĭisco has released software updates that address these vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |