CERTA-2001-AVI-042

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité des commutateurs CISCO CSS 11050, CSS 11150 et CSS 11800 permet à un utiliseur déclaré d'augmenter ses privilèges dans le module de configuration.

Description

Un utilisateur non-privilégié peut, par une série de commandes, faire passer le commutateur en mode « debug » afin d'obtenir les privilèges administrateur.

L'utilisateur mal intentionné doit disposer d'un compte d'utilisateur valable.

Nota : Cette vulnérabilité n'affecte que les concentrateurs possédant une version logicielle inférieure à 4.01B19s.

Solution

Télécharger le correctif sur le site Cisco :

http://www.cisco.com

Cisco CSS 11050, CSS 11150 et CSS 11800.

Impacted products
Vendor Product Description
References
Avis Cisco None vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco CSS 11050, CSS 11150 et CSS 11800.\u003c/P\u003e",
  "content": "## Description\n\nUn utilisateur non-privil\u00e9gi\u00e9 peut, par une s\u00e9rie de commandes, faire\npasser le commutateur en mode \u00ab debug \u00bb afin d\u0027obtenir les privil\u00e8ges\nadministrateur.\n\nL\u0027utilisateur mal intentionn\u00e9 doit disposer d\u0027un compte d\u0027utilisateur\nvalable.\n\nNota : Cette vuln\u00e9rabilit\u00e9 n\u0027affecte que les concentrateurs poss\u00e9dant\nune version logicielle inf\u00e9rieure \u00e0 4.01B19s.\n\n## Solution\n\nT\u00e9l\u00e9charger le correctif sur le site Cisco :\n\n    http://www.cisco.com\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2001-AVI-042",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2001-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Augmentation des privil\u00e8ges utilisateur"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 des commutateurs CISCO CSS 11050, CSS 11150 et CSS\n11800 permet \u00e0 un utiliseur d\u00e9clar\u00e9 d\u0027augmenter ses privil\u00e8ges dans le\nmodule de configuration.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs CISCO CSS 11050, 11150 et 11800",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis Cisco",
      "url": "http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.