CVE - CVE-2000-0345

CVE-ID
CVE-2000-0345	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:1161 URL:http://www.securityfocus.com/bid/1161 BUGTRAQ:20000502 Possible issue with Cisco on-line help? URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com
Assigning CNA
MITRE Corporation
Date Record Created
20000511	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000518)
Votes (Legacy)
ACCEPT(1) Prosser MODIFY(1) Frech NOOP(5) Armstrong, Baker, Cole, Levy, Wall REJECT(1) Balinsky
Comments (Legacy)
Levy> Arguably this is not a vulnerability. Cisco replying saying this is standard behaviour that was simply not well documented. They have no plans to change it and will simply document it better. Frech> XF:cisco-online-help Balinsky> As noted in a bugtraq posting by Lisa Napier from Cisco's Product Security Incident Response Team, this is a poorly documented feature. This is intended behavior, and does not represent a vulnerability in Cisco's opinion. http://www.securityfocus.com/frames/?content=/templates/archive.pike?list=1&mid=59434 Prosser> Although Lisa Napier did say this issue was "functioning as designed", it was not intended to allow unprivileged access. Lisa did indicate that Cisco would be updating instructions on configuration to ensure proper user privileges. So, this should be considered IMHO an "exposure" vice a vulnerability, but security-related none the less. http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000502222246.28423.qmail@securityfocus.com http://www.securityfocus.com/bid/1161
Proposed (Legacy)
20000518
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)