Cisco CBOS Show NAT Output Disclosure

2001-04-20T00:00:00
ID OSVDB:1796
Type osvdb
Reporter OSVDB
Modified 2001-04-20T00:00:00

Description

Vulnerability Description

CBOS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user telnets to the device after a user in the first session issues the 'sh nat' command, which will disclose screen information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. This vulnerability does not seem to have been acknowledged by Cisco.

Short Description

CBOS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user telnets to the device after a user in the first session issues the 'sh nat' command, which will disclose screen information resulting in a loss of confidentiality.

References:

Other Advisory URL: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=bugtraq/4.2.0.58.20010420202601.0717f220%40amsterdam.cisco.com Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-04/0364.html ISS X-Force ID: 6453 CVE-2001-0444 Bugtraq ID: 2635