Successful exploitation of this vulnerability may allow for the execution of commands on the device at any privilege level, up to and including privilege level 15.成功利用此漏洞可能允許執行命令,該裝置在任何特權級,直至並包括權限級別15 。 Accessing the device at privilege level 15 would enable total control of the device, including but not limited to device configuration changes and device reloading.存取裝置在特權級15將使總量控制的裝置,包括但不限於設備配置的變化和設備重新載入。

The Cisco Router Web Setup tool (CRWS) provides a Web interface for configuring Cisco SOHO and Cisco 800 series routers which allows users to set up their routers.思科路由器Web安裝工具( crws )提供了一個Web界面配置思科的SOHO和Cisco 800系列路由器允許用戶設立他們的路由器。 The GUI is accessed through the Cisco IOS HTTP server, which is enabled on the default IOS configuration shipped with the CRWS application.的GUI是通過訪問的Cisco IOS HTTP服務器,這是啟用了默認內部監督辦公室配置發運與crws的應用。

The Cisco IOS HTTP server uses the enable password (assuming one has been configured) as its default authentication mechanism.有關的Cisco IOS HTTP服務器使用啟用密碼(假設一已配置)作為其默認的身份驗證機制。 Other authentication mechanisms can be configured, including the use of a local user database, an external RADIUS (Remote Authentication Dial In User Service) or an external TACACS+ (Terminal Access Controller Access Control System) server.其他的驗證機制可配置,包括使用本地用戶數據庫,外部半徑(遠程身份驗證撥號用戶服務)或外部時間TACACS + (終端訪問控制器訪問控制系統)服務器。 The default IOS configuration shipped with the CRWS application does not include an enable password or an enable secret command, allowing access to the Cisco IOS HTTP server interface at any privilege level, up to and including privilege level 15, without providing authentication credentials.默認的內部監督辦公室配置發運與crws應用不包括啟用密碼或1 ,使秘密命令,允許接觸到的Cisco IOS HTTP服務器界面在任何特權級,直至並包括權限級別15 ,沒有提供認證證書。 Privilege level 15 is the highest privilege level on Cisco IOS devices.權限級別15 ,這是最高的權限級別上的Cisco IOS設備。

Use the使用 flowchart流程圖 to determine if you are vulnerable.以確定如果你是脆弱的。
Bug ID錯誤編號