CVE-2000-0945

Catalyst 3500 XL - RCE

Title source: llm

Description

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

Exploits (2)

exploitdb WORKING POC VERIFIED

by blackangels · perlremotehardware

https://www.exploit-db.com/exploits/20330

View Code ZIP pw:eip

metasploit SCANNER

by hdm · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/cisco_device_manager.rb

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/1846

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5415

[Third Party Advisory, VDB Entry] http://www.osvdb.org/444

Scores

EPSS 0.8793

EPSS Percentile 99.5%

Details

Status published

Products (1)

cisco/catalyst_3500_xl

Published Dec 19, 2000

Tracked Since Feb 18, 2026