Lucene search

[email protected]CVE-2007-4632

HistoryAug 31, 2007 - 11:17 p.m.

CVE-2007-4632

2007-08-3123:17:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2007-4632

cisco

ios

vty configuration

authentication bypass

remote attackers

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

Cisco IOS 12.2E, 12.2F, and 12.2S places a “no login” line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.

Affected configurations

NVD

Node

ciscoiosMatch12.2e

ciscoiosMatch12.2f

ciscoiosMatch12.2s

CPENameOperatorVersion
cisco:ioscisco ioseq12.2e
cisco:ioscisco ioseq12.2f
cisco:ioscisco ioseq12.2s

CPE	Name	Operator	Version
cisco:ios	cisco ios	eq	12.2e
cisco:ios	cisco ios	eq	12.2f
cisco:ios	cisco ios	eq	12.2s

References

www.cisco.com/en/US/products/products_security_response09186a00808ae4ca.html

www.securityfocus.com/bid/25482

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5866

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for CVE-2007-4632

prion1 cvelist3 nvd2 cve2 nessus2 checkpoint_advisories1