Successful Shell Attack Detected - Cisco 'show version' Command

high Nessus Network Monitor Plugin ID 6203

Synopsis

The results of a Cisco IOS command occurred in a TCP session normally used for a standard service.

Description

The results of a Cisco IOS command occurred in a TCP session normally used for a standard service. This may indicate that a successful compromise of the router or switch has occurred.

Solution

The command activity observed is indicative of a possible compromise. Consider performing a full audit of the system to investigate further.

Plugin Details

Severity: High

ID: 6203

Family: Generic

Published: 1/6/2012

Updated: 7/11/2018

Vulnerability Information

CPE: cpe:/o:cisco

Detections

Analytics