• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
20000511 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000518)
Votes (Legacy)
ACCEPT(1) Prosser
MODIFY(1) Frech
NOOP(5) Armstrong, Baker, Cole, Levy, Wall
REJECT(1) Balinsky
Comments (Legacy)
 Levy> Arguably this is not a vulnerability. Cisco replying saying this
   is standard behaviour that was simply not well documented. They have
   no plans to change it and will simply document it better.
 Frech> XF:cisco-online-help
 Balinsky> As noted in a bugtraq posting by Lisa Napier from Cisco's Product Security Incident Response Team, this is a poorly documented feature. This is intended behavior, and does not represent a vulnerability in Cisco's opinion.
 Prosser> Although Lisa Napier did say this issue was "functioning as designed", it was not intended to allow unprivileged access.  Lisa did indicate that Cisco would be updating instructions on configuration to ensure proper user privileges.  So, this should be considered IMHO an "exposure" vice a vulnerability, but security-related none the less.

Proposed (Legacy)
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.