ID

VAR-200005-0033


CVE

CVE-2000-0345


TITLE

Cisco Router Online Help Vulnerability

Trust: 0.9

sources: BID: 1161 // CNNVD: CNNVD-200005-023

DESCRIPTION

The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. This information is comprised of access lists among other things. The help system itself does not list these items as being available via the 'show' commands yet none the less it will execute them. The message which detailed this vulnerability to the Bugtraq mailing list is attached in the 'Credit' section of this vulnerability entry. It is suggested that you read it if this vulnerability affects your infrastructure

Trust: 1.26

sources: NVD: CVE-2000-0345 // BID: 1161 // VULHUB: VH-CVE-2000-0345

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:11.1

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)ia

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(15\)ca

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(17\)cc

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)ca

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(16\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(16\)aa

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(16\)ia

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)aa

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:9.14

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:12.0

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:11.2

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:11.2\(17\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(9\)s

Trust: 1.0

vendor:ciscomodel:router 7200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)sa3

Trust: 1.0

vendor:ciscomodel:router 7500scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(10\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)w

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xe

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xg

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2p

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xf

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(6\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(8\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(7\)t

Trust: 1.0

vendor:ciscomodel:router 3600scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:router 2600scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(4\)f1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0db

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)p

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)sa1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xa3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(9\)xa

Trust: 1.0

vendor:ciscomodel:router 2500scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xb

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(9\)p

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(10\)bc

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(3\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xc

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.1\(17\)ct

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xd

Trust: 1.0

vendor:ciscomodel:router 4000scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)sa5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0.7

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.6

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.5

Trust: 0.3

vendor:ciscomodel:ios tscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios sscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios t2scope:eqversion:12.0.3

Trust: 0.3

vendor:ciscomodel:ios xgscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xfscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xdscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xcscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xescope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios xbscope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios xa3scope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios wscope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios bcscope:eqversion:11.2.10

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2.10

Trust: 0.3

vendor:ciscomodel:ios xascope:eqversion:11.2.9

Trust: 0.3

vendor:ciscomodel:ios pscope:eqversion:11.2.9

Trust: 0.3

vendor:ciscomodel:ios sa5scope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios sa3scope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios sa1scope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios pscope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios f1scope:eqversion:11.2.4

Trust: 0.3

vendor:ciscomodel:ios ctscope:eqversion:11.1.17

Trust: 0.3

vendor:ciscomodel:ios ccscope:eqversion:11.1.17

Trust: 0.3

vendor:ciscomodel:ios iascope:eqversion:11.1.16

Trust: 0.3

vendor:ciscomodel:ios aascope:eqversion:11.1.16

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.1.16

Trust: 0.3

vendor:ciscomodel:ios cascope:eqversion:11.1.15

Trust: 0.3

vendor:ciscomodel:ios iascope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:ios cascope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:ios aascope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:ios 12.0tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0dbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0 sscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0(8)

Trust: 0.3

vendor:ciscomodel:ios 12.0 tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0 t1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2pscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2(17)

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:7500.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:7200.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:4000.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:3600.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:2600.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:2500.0

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:7500

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:7200

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:4000

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:3600

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:2600

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:2500

Trust: 0.3

sources: BID: 1161 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2000-0345
value: LOW

Trust: 1.0

CNNVD: CNNVD-200005-023
value: LOW

Trust: 0.6

VUL-HUB: VH-CVE-2000-0345
value: LOW RISK

Trust: 0.1

NVD: CVE-2000-0345
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULHUB: VH-CVE-2000-0345
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VH-CVE-2000-0345 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0345

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200005-023

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200005-023

CONFIGURATIONS

sources: NVD: CVE-2000-0345

EXPLOIT AVAILABILITY

sources: VULHUB: VH-CVE-2000-0345

EXTERNAL IDS

db:NVDid:CVE-2000-0345

Trust: 2.0

db:BIDid:1161

Trust: 1.9

db:CNNVDid:CNNVD-200005-023

Trust: 0.7

db:BUGTRAQid:20000502 POSSIBLE ISSUE WITH CISCO ON-LINE HELP?

Trust: 0.6

db:VULHUBid:VH-CVE-2000-0345

Trust: 0.1

sources: VULHUB: VH-CVE-2000-0345 // BID: 1161 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

REFERENCES

url:http://www.securityfocus.com/bid/1161

Trust: 1.6

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com

Trust: 1.6

url:http://www.cisco.com/warp/public/707/sec_incident_response.shtml

Trust: 0.3

sources: BID: 1161 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

CREDITS

This bug was discovered and documented by Fernando Montenegro fsmontenegro@iname.com and Claudio Silotto (csilotto@hotmail.com). The message detailing this vulnerability was sent to the Bugtraq mailing list on 2 May 2000.

Trust: 0.9

sources: BID: 1161 // CNNVD: CNNVD-200005-023

SOURCES

db:VULHUBid:VH-CVE-2000-0345
db:BIDid:1161
db:CNNVDid:CNNVD-200005-023
db:NVDid:CVE-2000-0345

LAST UPDATE DATE

2022-05-04T10:20:55.283000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VH-CVE-2000-0345date:2008-09-10T00:00:00
db:BIDid:1161date:2009-07-11T01:56:00
db:CNNVDid:CNNVD-200005-023date:2005-10-20T00:00:00
db:NVDid:CVE-2000-0345date:2008-09-10T19:04:00

SOURCES RELEASE DATE

db:VULHUBid:VH-CVE-2000-0345date:2000-05-03T00:00:00
db:BIDid:1161date:2000-05-03T00:00:00
db:CNNVDid:CNNVD-200005-023date:2000-05-03T00:00:00
db:NVDid:CVE-2000-0345date:2000-05-03T04:00:00