New Search

Cisco IOS VTY Authentication Bypass Vulnerability

oval:org.mitre.oval:def:5866

Cisco IOS 12.2E 12.2F and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled which allows remote attackers to bypass authentication and obtain a terminal session a different vulnerability than CVE-1999-0293 and CVE-2005-2105.

Family:
ios
Status:
ACCEPTED
Platform(s):
  • Cisco IOS
Class:
vulnerability
Reference(s):
  • CVE-2007-4632
Product(s):