CVE-2000-0945

Cisco Catalyst 3500 XL - Unauthenticated Remote Code Execution via /exec/ Directory

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2000-0945. PoCs published by blackangels, hdm, including Metasploit module auxiliary/scanner/http/cisco_device_manager.

AI-analyzed exploit summary This Perl script exploits multiple vulnerabilities in Cisco devices, including DoS and arbitrary command execution. It targets specific Cisco IOS and Catalyst vulnerabilities by sending crafted HTTP or Telnet requests.

Description

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

Exploits (2)

exploitdb WORKING POC VERIFIED

by blackangels · perlremotehardware

https://www.exploit-db.com/exploits/20330

View Code ZIP pw:eip

This Perl script exploits multiple vulnerabilities in Cisco devices, including DoS and arbitrary command execution. It targets specific Cisco IOS and Catalyst vulnerabilities by sending crafted HTTP or Telnet requests.

Classification

Working Poc 90%

Attack Type

Rce | Dos | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Cisco IOS, Cisco Catalyst

No auth needed

Prerequisites: Network access to target device · Specific Cisco device with vulnerable firmware

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit SCANNER

by hdm · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/cisco_device_manager.rb

View Code ZIP pw:eip

This Metasploit module scans Cisco devices with exposed HTTP device manager interfaces to gather configuration data. It authenticates using provided credentials and retrieves device information, including IOS configuration.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cisco IOS (various versions)

Auth required

Prerequisites: Cisco device with HTTP device manager exposed · Valid credentials (default or specified)

MITRE ATT&CK