CVE-ID

CVE-2000-0345

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
N/A
Date Entry Created
20000511 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000518)
Votes (Legacy)
ACCEPT(1) Prosser
MODIFY(1) Frech
NOOP(5) Armstrong, Baker, Cole, Levy, Wall
REJECT(1) Balinsky
Comments (Legacy)
 Levy> Arguably this is not a vulnerability. Cisco replying saying this
   is standard behaviour that was simply not well documented. They have
   no plans to change it and will simply document it better.
 Frech> XF:cisco-online-help
 Balinsky> As noted in a bugtraq posting by Lisa Napier from Cisco's Product Security Incident Response Team, this is a poorly documented feature. This is intended behavior, and does not represent a vulnerability in Cisco's opinion.
   http://www.securityfocus.com/frames/?content=/templates/archive.pike?list=1&mid=59434
 Prosser> Although Lisa Napier did say this issue was "functioning as designed", it was not intended to allow unprivileged access.  Lisa did indicate that Cisco would be updating instructions on configuration to ensure proper user privileges.  So, this should be considered IMHO an "exposure" vice a vulnerability, but security-related none the less.
   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000502222246.28423.qmail@securityfocus.com
   
   http://www.securityfocus.com/bid/1161

Proposed (Legacy)
20000518
This is an entry on the CVE list, which standardizes names for security problems.