|
|
| CVE-ID | ||
|---|---|---|
CVE-2000-0345 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
| Description | ||
| The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. | ||
| References | ||
| Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
| Assigning CNA | ||
| MITRE Corporation | ||
| Date Record Created | ||
| 20000511 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
| Phase (Legacy) | ||
| Proposed (20000518) | ||
| Votes (Legacy) | ||
| ACCEPT(1) Prosser MODIFY(1) Frech NOOP(5) Armstrong, Baker, Cole, Levy, Wall REJECT(1) Balinsky |
||
| Comments (Legacy) | ||
Levy> Arguably this is not a vulnerability. Cisco replying saying this is standard behaviour that was simply not well documented. They have no plans to change it and will simply document it better. Frech> XF:cisco-online-help Balinsky> As noted in a bugtraq posting by Lisa Napier from Cisco's Product Security Incident Response Team, this is a poorly documented feature. This is intended behavior, and does not represent a vulnerability in Cisco's opinion. http://www.securityfocus.com/frames/?content=/templates/archive.pike?list=1&mid=59434 Prosser> Although Lisa Napier did say this issue was "functioning as designed", it was not intended to allow unprivileged access. Lisa did indicate that Cisco would be updating instructions on configuration to ensure proper user privileges. So, this should be considered IMHO an "exposure" vice a vulnerability, but security-related none the less. http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000502222246.28423.qmail@securityfocus.com http://www.securityfocus.com/bid/1161 |
||
| Proposed (Legacy) | ||
| 20000518 | ||
| This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
|
You can also search by reference using the CVE Reference Maps.
|
||
| For More Information: CVE Request Web Form (select "Other" from dropdown) | ||