CERTA-2003-AVI-128
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans l'IOS de Cisco permettant à un individu mal intentionné de lister les utilisateurs définis localement.
Description
Un utilisateur mal intentionné peut déterminer la liste des utilisateurs définis localement en analysant les messages id'erreur renvoyés lors d'une authentification sur le routeur via Telnet.
Solution provisoire
Désactiver Telnet et utiliser SSH ou bien l'authentification de type
AAA new-model.
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CISCO IOS 11.X",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn utilisateur mal intentionn\u00e9 peut d\u00e9terminer la liste des utilisateurs\nd\u00e9finis localement en analysant les messages id\u0027erreur renvoy\u00e9s lors\nd\u0027une authentification sur le routeur via Telnet.\n\n## Solution provisoire\n\nD\u00e9sactiver Telnet et utiliser SSH ou bien l\u0027authentification de type\n`AAA new-model`.\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 CISCO \"Enumerating Locally Defined Users in CISCO IOS\" :",
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml"
}
],
"reference": "CERTA-2003-AVI-128",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-07-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027IOS de Cisco permettant \u00e0 un\nindividu mal intentionn\u00e9 de lister les utilisateurs d\u00e9finis localement.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans CISCO IOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CISCO \"Enumerating Locally Defined Users in CISCO IOS\"",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…