Cisco Switch vulnerability
Date: Tuesday, April 29 @ 12:31:58 UTC
Topic: In the News


I know we have some heavy net types on here, so when I saw this article I thought I had better post it here.

A vulnerability has been reported for Cisco Catalyst switches that may result in unauthorized access to the enable level.

An attacker who is able to obtain command line access to a vulnerable switch is able to access 'enable' mode without a password.

Components Affected
Cisco Catalyst 4000 7.5 (1)
Cisco Catalyst 6000 7.5 (1)
Cisco Catalyst 6500 7.5 (1)

This vulnerability does not affect Catalyst 4000, 6000 and 6500 switches running CatOS 7.6(1). Affected users are advised to contact Cisco to obtain fixes.



The vulnerability exists due to the way the 'enable' mode is accessed through the switch.

Recommendations
Block external access at the network boundary, unless service is required by external parties.
Configure the affected switch so that telnet/ssh connections are permitted from trusted hosts and networks only.

Permit privileged access for trusted individuals only.
Ensure that only trustworthy individuals are capable of connecting to vulnerable Catalyst Switches.

Implement multiple redundant layers of security.
The use of AAA configurations will prevent exploitation of this vulnerability. Ensure that AAA configurations are used and are not configured for fallback to local authentication.

This vulnerability is given the Cisco BugID of CSCea42030.

References
Source: Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability
URL: http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml






This article comes from detonate.net
http://www2.detonate.net

The URL for this story is:
http://www2.detonate.net/modules.php?name=News&file=article&sid=254