Computer Hacking Forensic Investigator (CHFI) — Question 61
You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers: http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?
Answer options
- A. HTTP Configuration Arbitrary Administrative Access Vulnerability
- B. HTML Configuration Arbitrary Administrative Access Vulnerability
- C. Cisco IOS Arbitrary Administrative Access Online Vulnerability
- D. URL Obfuscation Arbitrary Administrative Access Vulnerability
Correct answer: A
Explanation
The correct answer is A: retrieving the configuration file through the specified URL indicates a vulnerability in the HTTP configuration that allows arbitrary administrative access. The other options do not accurately describe the vulnerability, because HTML, Cisco IOS, and URL obfuscation are not the primary factors at play in this scenario.