Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4632

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4632
Last Modified 04 Mar 2009 01:25:57
Published 31 Aug 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2007-4632

Summary

Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.

Vulnerable Systems

Operating System

  • Cisco Ios 12.2e

  • Cisco Ios 12.2f

  • Cisco Ios 12.2s


References

CISCO - 20070829 VTY Authentication Bypass Vulnerability

BID - 25482


Last Updated: 27 May 2016 10:45:54