|发布时间 :2000-04-20 00:00:00|
|修订时间 :2008-09-10 15:03:47|
[原文]Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
Cisco Catalyst 5.4.x存在漏洞，用户可以访问“使能”模式而无需密码。
- CVSS (基础分值)
- CPE (受影响的平台与产品)
- OVAL (用于检测的技术细节)
(VENDOR_ADVISORY) CISCO 20000419 Cisco Catalyst Enable Password Bypass Vulnerability
(UNKNOWN) BID 1122
(UNKNOWN) OSVDB 1288
|2000-04-20 00:00:00||2005-10-12 00:00:00|
|Cisco Catalyst 5.4.x存在漏洞，用户可以访问“使能”模式而无需密码。|
The following information has been copied from the Cisco security advisory on this topic, the advisory itself is attached in the 'Credit' section of this vulnerability entry:
Cisco is offering free software upgrades to remedy this vulnerability for all affected customers.
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained via the Software Center on Cisco's Worldwide Web site at:
Customers without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows:
* +1 800 553 2447 (toll-free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: email@example.com
Give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Please do not contact either "firstname.lastname@example.org" or "email@example.com" for software upgrades.
|Cisco Catalyst Enable Password Bypass|
|CatOS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local user is allowed to enter enable mode without a password. This flaw may lead to a loss of confidentiality, integrity and/or availability.|
|Upgrade to version 5.4(2) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.|
|Unknown or Incomplete|