Cisco Catalyst Enable Access Authentication Bypass (CSCea42030)

high Nessus Plugin ID 11547

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Catalyst is affected by a password bypass vulnerability. An attacker who has command-line access may gain 'enable' privileges without knowing the correct password, which would allow the attacker to reconfigure this host remotely.

This vulnerability is documented under Cisco bug ID CSCea42030.

Solution

http://www.nessus.org/u?62e6a495

Plugin Details

Severity: High

ID: 11547

File Name: CSCea42030.nasl

Version: 1.17

Type: local

Family: CISCO

Published: 4/24/2003

Updated: 8/9/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/sysDesc, SNMP/community, CISCO/model

Vulnerability Publication Date: 4/19/2003

Reference Information

CVE: CVE-2003-0216

CWE: 287