Computer Hacking Forensic Investigator (CHFI v10) — Question 84
You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers: http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?
Answer options
- A. HTTP Configuration Arbitrary Administrative Access Vulnerability
- B. HTML Configuration Arbitrary Administrative Access Vulnerability
- C. Cisco IOS Arbitrary Administrative Access Online Vulnerability
- D. URL Obfuscation Arbitrary Administrative Access Vulnerability
Correct answer: A
Explanation
The correct answer is A, as it highlights the exposure of administrative access through an HTTP vulnerability that allows unauthorized retrieval of the router's configuration. Options B, C, and D do not accurately describe the issue, as they either misidentify the protocol involved or do not pertain to the specific nature of the access gained.