Details of VAR-200708-0509

ID

VAR-200708-0509

CVE

CVE-2007-4632

TITLE

Cisco IOS Problem with rewriting login settings

Trust: 0.8

sources: JVNDB: JVNDB-2007-000643

DESCRIPTION

Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. Cisco IOS is prone to a remote authentication-bypass vulnerability because the software fails to properly ensure that password authentication is required. Successfully exploiting this issue allows remote attackers to gain VTY access to vulnerable devices without requiring successful password authentication. This issue is being tracked by Cisco bug ID CSCsa91175. Cisco IOS 12.2E, 12.2F, and 12.2S put a "no login" line in the VTY settings

Trust: 1.98

sources: NVD: CVE-2007-4632 // JVNDB: JVNDB-2007-000643 // BID: 25482 // VULHUB: VHN-27994

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	12.2s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2f	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2e	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	cisco	model:	ios 12.2sz	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sw	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sv	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2seg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sef	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2see	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sed	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sec	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2seb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sea	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2se	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sbc	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2fy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2fx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ey	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ewa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ew	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2eu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios fz	scope:	eq	version:	12.2	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ey	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 se	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ex	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sg	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sb	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxe4	scope:	ne	version:	-	Trust: 0.3

sources: BID: 25482 // JVNDB: JVNDB-2007-000643 // CNNVD: CNNVD-200708-505 // NVD: CVE-2007-4632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4632
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-4632
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200708-505
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-27994
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-4632
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-27994
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27994 // JVNDB: JVNDB-2007-000643 // CNNVD: CNNVD-200708-505 // NVD: CVE-2007-4632

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-27994 // JVNDB: JVNDB-2007-000643 // NVD: CVE-2007-4632

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200708-505

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200708-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000643

PATCH

title:

98589

url:

http://www.cisco.com/warp/public/707/cisco-sr-20070829-vty.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000643

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4632	Trust: 2.8
db:	BID	id:	25482	Trust: 2.8
db:	JVNDB	id:	JVNDB-2007-000643	Trust: 0.8
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:5866	Trust: 0.6
db:	CISCO	id:	20070829 VTY AUTHENTICATION BYPASS VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200708-505	Trust: 0.6
db:	VULHUB	id:	VHN-27994	Trust: 0.1

sources: VULHUB: VHN-27994 // BID: 25482 // JVNDB: JVNDB-2007-000643 // CNNVD: CNNVD-200708-505 // NVD: CVE-2007-4632

REFERENCES

url:	http://www.securityfocus.com/bid/25482	Trust: 2.5
url:	http://www.cisco.com/en/us/products/products_security_response09186a00808ae4ca.html	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5866	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4632	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4632	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5866	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sr-20070829-vty.shtml	Trust: 0.3

sources: VULHUB: VHN-27994 // BID: 25482 // JVNDB: JVNDB-2007-000643 // CNNVD: CNNVD-200708-505 // NVD: CVE-2007-4632

CREDITS

An unknown Korean website, and a Cisco customer are both credited with the independent discovery of this issue.

Trust: 0.9

sources: BID: 25482 // CNNVD: CNNVD-200708-505

SOURCES

db:	VULHUB	id:	VHN-27994
db:	BID	id:	25482
db:	JVNDB	id:	JVNDB-2007-000643
db:	CNNVD	id:	CNNVD-200708-505
db:	NVD	id:	CVE-2007-4632

LAST UPDATE DATE

2025-04-10T23:13:14.589000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27994	date:	2018-10-26T00:00:00
db:	BID	id:	25482	date:	2015-05-07T17:35:00
db:	JVNDB	id:	JVNDB-2007-000643	date:	2007-09-11T00:00:00
db:	CNNVD	id:	CNNVD-200708-505	date:	2009-03-04T00:00:00
db:	NVD	id:	CVE-2007-4632	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27994	date:	2007-08-31T00:00:00
db:	BID	id:	25482	date:	2007-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2007-000643	date:	2007-09-11T00:00:00
db:	CNNVD	id:	CNNVD-200708-505	date:	2007-08-31T00:00:00
db:	NVD	id:	CVE-2007-4632	date:	2007-08-31T23:17:00