Cisco Catalyst software permits unauthorized access to the enable mode in the 5.4(1) release. Once initial access is granted, access can be obtained for the higher level "enable" mode without a password. This problem is resolved in version 5.4(2). Customers with vulnerable releases are urged to upgrade as soon as possible.
This vulnerability has been assigned Cisco bug ID CSCdr10025.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20000419-catos-enable-bypass.
This section provides details on affected products.
Vulnerable Products
All users of Cisco Catalyst 4000, 5000, 5500, 6000 and 6500 with the software version 5.4(1) only.
The affected image names are as follows:
- cat4000_5-4-1.bin
- cat5000-supg_5-4-1.bin
- cat5000-Sup_5-4-1.bin
- cat5000-Sup3_5-4-1.bin
- cat6000-Sup_5-4-1.bin
Products Confirmed Not Vulnerable
No other releases of Cisco Catalyst software are affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability.
Anyone who can obtain ordinary console access to an affected switch can bypass password authentication to obtain "enable" mode access without knowledge of the "enable" password. This vulnerability can be exploited through the network using telnet or via the physical console.
This problem was introduced in software version 5.4(1), and is corrected in version 5.4(2). Due to this defect, software version 5.4(1) is deferred. Customers are urged to upgrade to version 5.4(2).
There are no known workarounds for this vulnerability. Strictly limiting telnet access to the device will prevent the initial connection required to exploit this vulnerability. Telnet access can be controlled with the following command set:
- set ip permit <address> <mask> telnet
- set ip permit enable
This command set will deny all traffic not specified in the permit statement.
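The following is an added example, not part of Cisco's advisory: a small audit that flags the affected 5.4(1) image names listed above and checks a saved configuration for both commands of the permit set. It assumes the configuration is available as text with the commands in exactly the form shown above; `audit_switch`, the sample configuration and the placeholder image name are constructed for illustration.

```python
import ipaddress
import re

# Image names this advisory lists as affected (CatOS 5.4(1) only), lowercased.
AFFECTED_IMAGES = {
    "cat4000_5-4-1.bin", "cat5000-supg_5-4-1.bin", "cat5000-sup_5-4-1.bin",
    "cat5000-sup3_5-4-1.bin", "cat6000-sup_5-4-1.bin",
}
# The advisory's entry form: set ip permit <address> <mask> telnet
PERMIT_ENTRY = re.compile(r"^set ip permit (\S+) (\S+) telnet$")


def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def audit_switch(image_name, config_text):
    """Return findings for one switch; an empty list means nothing was flagged."""
    findings = []
    if image_name.strip().lower() in AFFECTED_IMAGES:
        findings.append("affected 5.4(1) image: upgrade to 5.4(2)")
    # Collapse whitespace so indentation or double spaces do not hide a line.
    lines = [" ".join(raw.split()) for raw in config_text.splitlines()]
    entries = [m.groups() for m in map(PERMIT_ENTRY.match, lines) if m]
    for address, mask in entries:
        if not (_is_ipv4(address) and _is_ipv4(mask)):
            findings.append(f"malformed permit entry: {address} {mask}")
    if not entries:
        findings.append("no telnet permit entries")
    if "set ip permit enable" not in lines:
        findings.append("permit list not enabled")
    return findings


# Constructed sample configuration (documentation address range), not real output.
SAMPLE_CONFIG = """
set ip permit 192.0.2.0 255.255.255.0 telnet
set ip permit enable
"""

if __name__ == "__main__":
    for name in ("cat6000-Sup_5-4-1.bin", "placeholder-fixed-image.bin"):
        print(name, audit_switch(name, SAMPLE_CONFIG))
```

An empty result only means none of these checks fired; restricting telnet limits the initial connection, while the upgrade to 5.4(2) is what removes the defect.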
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center ("TAC") or your contracted maintenance provider for assistance.
Cisco Systems knows of no public discussion nor active exploits involving this vulnerability, which was reported by several customers who encountered it during normal use.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.