certfr_avis - certa-2003-avi-128

CERTA-2003-AVI-128

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans l'IOS de Cisco permettant à un individu mal intentionné de lister les utilisateurs définis localement.

Description

Un utilisateur mal intentionné peut déterminer la liste des utilisateurs définis localement en analysant les messages id'erreur renvoyés lors d'une authentification sur le routeur via Telnet.

Solution provisoire

Désactiver Telnet et utiliser SSH ou bien l'authentification de type AAA new-model.

None

Impacted products

	Vendor	Product	Description
	Cisco	IOS	CISCO IOS 11.X

References

Title

Publication Time

Tags

Bulletin de sécurité CISCO "Enumerating Locally Defined Users in CISCO IOS"	None	vendor-advisory
Bulletin de sécurité CISCO "Enumerating Locally Defined Users in CISCO IOS" :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CISCO IOS 11.X",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn utilisateur mal intentionn\u00e9 peut d\u00e9terminer la liste des utilisateurs\nd\u00e9finis localement en analysant les messages id\u0027erreur renvoy\u00e9s lors\nd\u0027une authentification sur le routeur via Telnet.\n\n## Solution provisoire\n\nD\u00e9sactiver Telnet et utiliser SSH ou bien l\u0027authentification de type\n`AAA new-model`.\n",
  "cves": [],
  "initial_release_date": "2003-07-31T00:00:00",
  "last_revision_date": "2003-07-31T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 CISCO \"Enumerating Locally Defined Users  in CISCO IOS\" :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml"
    }
  ],
  "reference": "CERTA-2003-AVI-128",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-07-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027IOS de Cisco permettant \u00e0 un\nindividu mal intentionn\u00e9 de lister les utilisateurs d\u00e9finis localement.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CISCO IOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CISCO \"Enumerating Locally Defined Users in CISCO IOS\"",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted