Описание
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
Ссылки
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:cisco:ios:12.2e:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.2f:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00228
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
EPSS
Процентиль: 45%
0.00228
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-287