CVE-2003-0512
CVSS 5.0
Published: 2003-08-27 00:00:00
Last revised: 2009-03-04 00:18:24

[Original] Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.


[CNNVD] Cisco Aironet Telnet Service User Account Enumeration Vulnerability (CNNVD-200308-156)

        
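The Cisco Aironet AP1X00 series is a line of wireless access points from Cisco that provides wireless access based on the 802.11b Wi-Fi standard.
The telnet service on Cisco Aironet access points has a flaw in its authentication handling that lets a remote attacker enumerate valid account names.
If the telnet service is enabled on the device, the authentication handling behaves as follows: when an attacker submits a valid account name, the device prompts for a password; when the name is invalid, it returns the message "% Login invalid". An attacker can use this flaw to obtain usernames by brute-force guessing.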
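The difference between the two responses can be modelled offline. The following is an added example, not code from Cisco or from the advisory: it contrasts the described flow with one assumed way of removing the difference (always prompt for the password, always run the password check, return a single failure message). The account table, the `login accepted` marker and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed account table for this demo; nothing here comes from a real device.
SALT = b"demo-salt"

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 1000)

USERS = {"cisco": _kdf("example-password")}
DUMMY = _kdf("never-a-real-password")  # verified against when the name is unknown

FAIL = "% Login invalid"      # failure string quoted on the page
OK = "login accepted"         # constructed success marker

def leaky_login(username: str, password: str) -> list[str]:
    """Flow described on the page: unknown names fail before any password prompt."""
    out = ["Username: "]
    if username not in USERS:
        out.append(FAIL)
        return out
    out.append("Password: ")
    out.append(OK if hmac.compare_digest(USERS[username], _kdf(password)) else FAIL)
    return out

def uniform_login(username: str, password: str) -> list[str]:
    """Assumed fix: always prompt, always run the KDF, one failure message."""
    out = ["Username: ", "Password: "]
    stored = USERS.get(username, DUMMY)
    matched = hmac.compare_digest(stored, _kdf(password))
    out.append(OK if matched and username in USERS else FAIL)
    return out

def leaks_account_existence(login, known: str, unknown: str) -> bool:
    """True when a wrong password yields different transcripts for known vs unknown names."""
    wrong = "definitely-wrong"
    return login(known, wrong) != login(unknown, wrong)

if __name__ == "__main__":
    for fn in (leaky_login, uniform_login):
        print(fn.__name__, "leaks:", leaks_account_existence(fn, "cisco", "nobody"))
```

Running the dummy comparison for unknown names also keeps the work done per attempt the same, so the response time does not reintroduce the distinction that the message text removed.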
        

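- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]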

- CWE (weakness category)

CWE-310 [Cryptographic Issues]

- CPE (affected platforms and products)

cpe:/o:cisco:ios:12.2%2811%29ja1  Cisco IOS 12.2 (11)JA1
cpe:/o:cisco:ios:12.2%2816.1%29b  Cisco IOS 12.2 (16.1)B
cpe:/o:cisco:ios:12.2%2814.5%29  Cisco IOS 12.2 (14.5)
cpe:/o:cisco:ios:12.2%2815.1%29s  Cisco IOS 12.2 (15.1)S
cpe:/o:cisco:ios:12.2%2815%29zn  Cisco IOS 12.2 (15)ZN
cpe:/o:cisco:ios:12.2%2814.5%29t  Cisco IOS 12.2 (14.5)T
cpe:/o:cisco:ios:12.0%2824.2%29s  Cisco IOS 12.0 (24.2)S
cpe:/o:cisco:ios:12.2%2816%29b  Cisco IOS 12.2 (16)B
cpe:/o:cisco:ios:12.0%2824%29s1  Cisco IOS 12.0 (24)S1

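- OVAL (technical details for detection)

oval:org.mitre.oval:def:5824  Cisco IOS User Enumeration via Error Messages
* OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the related OVAL definition.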

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0512
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0512
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-156
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/886796
(UNKNOWN)  CERT-VN  VU#886796
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm
(UNKNOWN)  MISC  http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
(UNKNOWN)  CISCO  20030724 Enumerating Locally Defined Users in Cisco IOS
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html
(VENDOR_ADVISORY)  VULNWATCH  20030728 Cisco Aironet AP1100 Valid Account Disclosure Vulnerability

- Vulnerability information

Cisco Aironet Telnet Service User Account Enumeration Vulnerability
Medium severity; Cryptographic issue
2003-08-27 00:00:00 2009-03-04 00:00:00
Remote

- Advisories and patches

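Temporary workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the risk:
* Disable the telnet service on the device.
Vendor patch:
Cisco
-----
Cisco recommends that users upgrade the firmware to version 12.2(11)JA1:

http://www.cisco.com/tacpage/sw-center/sw-ios.shtml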

- Vulnerability information (F31464)

VIGILANTE-2003002.txt (PacketStormID:F31464)
2003-07-29 00:00:00
Reda Zitouni  vigilante.com
advisory,remote
cisco
CVE-2003-0512

Vigilante Advisory 2003002 - A flaw in firmware version 12.2(4)JA and earlier of the Cisco Aironet 1100 series allows a malicious remote user to discover which accounts are valid on the targeted Cisco Aironet Access Point by using classical brute force techniques. Exploitation of this flaw is possible if the telnet service is enabled with authentication.

VIGILANTe Security Watch Advisory
 
Name: Cisco Aironet AP1100 Valid Account Disclosure Vulnerability
Systems Affected: Tested on a Cisco Aironet AP1100 Model 1120B Series
Wireless device.
Firmware version 12.2(4)JA and earlier.
NB : A large number of Cisco IOSes are affected by this flaw.
Severity: High Risk
Vendor URL: http://www.vigilante.com
Authors: Reda Zitouni (reda.zitouni@vigilante.com)
Date: 28th July 2003
Advisory Code: VIGILANTE-2003002
 
Description
***********
Cisco Aironet 1100 Series Access Point is a device manufactured by Cisco
Systems offering a WLAN solution based on the 802.11b Wifi standard.
The Aironet Bridge is vulnerable to a Brute Force attack revealing if an
account exists or not.
 
Details
*******
A flaw in firmware version 12.2(4)JA and earlier allows a malicious
remote user to discover which accounts are valid on the targeted Cisco
Aironet Access Point by using classical brute force techniques.
Exploitation of this flaw is possible if the telnet service is enabled
with authentication.
 
If an attacker submits an existing account as login he will be then
prompted for the password. If not the case a "% Login invalid" reply
will be displayed by the server, revealing the account is not existing.
By default on the Aironet AP1100, the 'cisco' account is set and is
prompted for a password when submitted. That default account then allows
an attacker to determine if this flaw on the remote device is patched or
not. This may lead to further serious attacks.
 

Vendor status:
**************
Cisco was contacted June 19, 2003 and answered the same day. 5 days
later, they told us that they would release a patch soon. The patch was
finally released July 3, 2003. Please note that this flaw is released by
Cisco as a Security Notice in CCO.
 
Vulnerability Assessment:
************************
A test case to detect this vulnerability was added to SecureScan NX in
the upgrade package of July 28, 2003. You can see the documentation of
this test case 15438 on SecureScan NX web site at
http://securescannx.vigilante.com/tc/15438. 
Fix:  A firmware upgrading the Aironet IOS version to c1100-k9w7 has
been released by Cisco. Please note that this version fixes some other
bugs as TC 17655 (refer to release note).
 
Workaround:
***********
Restrict access to your telnet service from outside your WLAN. A
stronger authentication mechanism, such as SSH can also be implemented.
 
CVE: Common Vulnerabilities and Exposures group ( reachable at
http://cve.mitre.org/ ) was contacted and assigned CAN-2003-0512 to this
vulnerability. 
 
Links:
*****
Cisco Advisory:
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
Vigilante Advisory:
http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm
Product Homepage:  http://www.cisco.com/warp/public/cc/pd/witc/ps4570
CVE: CAN-2003-0512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CAN-2003-0512
 

Credit:
******
This vulnerability was discovered by Reda Zitouni, member of our
Security Watch Team at VIGILANTe. 
We wish to thank Cisco PSIRT Team for their fast answer to fix this
problem. 
Copyright VIGILANTe.com, Inc. 2003-07-28
 
Disclaimer:
**********
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any consequences whatsoever arising out
of or in connection with the use or spread of this information. Any use
of this information lays within the user's responsibility.
 
Feedback:
********
Please send suggestions, updates, and comments to
securitywatch@vigilante.com 
 
 
    

- Vulnerability information

2341
Cisco IOS Valid Username Enumeration

- Vulnerability description

Cisco IOS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker telnets to the device, which will prompt for a password if a valid username is entered, resulting in a loss of confidentiality.

- Timeline

2003-07-28 Unknown
Unknown Unknown

- Solution

Upgrade to version indicated in Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Cisco Aironet Telnet Service User Account Enumeration Weakness
Design Error 8292
Yes No
2003-07-28 12:00:00 2009-07-11 10:56:00
Discovery credited to Reda Zitouni.

- Affected software versions

Cisco IOS 12.2(8)JA
Cisco IOS 12.2(4)JA1
Cisco IOS 12.2(4)JA
Cisco IOS 12.2(16.1)B
Cisco IOS 12.2(16)B
Cisco IOS 12.2(15.1)S
Cisco IOS 12.2(15)ZN
Cisco IOS 12.2(14.5)T
Cisco IOS 12.2(14.5)
Cisco IOS 12.2(11)JA1
Cisco IOS 12.2(11)JA
Cisco IOS 12.0(24.2)S
Cisco IOS 12.0(24)S1

- Discussion

An information leak has been reported in Cisco Aironet Access Points when the telnet service has been enabled. This may allow a remote attacker to gain potentially sensitive information.

- Exploit

No exploit is required for this weakness.

- Solution

Cisco has released updates to address this issue. Please see the attached advisory for details on obtaining and applying updates.

- Related references

 

 
