Sign-up

ID

VAR-201303-0475


TITLE

Cisco IOS and IOS XE Unsecure Password Hash Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2013-01935

DESCRIPTION

Cisco IOS is a popular Internet operating system. An insecure password hash vulnerability exists in Cisco IOS and IOS XE. An attacker can exploit a vulnerability to perform a brute force attack and obtain a password for unauthorized access. This may aid in other attacks

Trust: 0.81

sources: CNVD: CNVD-2013-01935 // BID: 58557

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-01935

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-01935 // BID: 58557

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-01935
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-01935
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-01935

THREAT TYPE

local

Trust: 0.9

sources: BID: 58557 // CNNVD: CNNVD-201303-401

TYPE

Design Error

Trust: 0.3

sources: BID: 58557

EXTERNAL IDS

db:BIDid:58557

Trust: 1.5

db:CNVDid:CNVD-2013-01935

Trust: 0.6

db:CNNVDid:CNNVD-201303-401

Trust: 0.6

sources: CNVD: CNVD-2013-01935 // BID: 58557 // CNNVD: CNNVD-201303-401

REFERENCES

url:http://www.securityfocus.com/bid/58557

Trust: 1.2

url:http://www.cisco.com

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html

Trust: 0.3

sources: CNVD: CNVD-2013-01935 // BID: 58557 // CNNVD: CNNVD-201303-401

CREDITS

Philipp Schmidt and Jens Steube

Trust: 0.9

sources: BID: 58557 // CNNVD: CNNVD-201303-401

SOURCES

db:CNVDid:CNVD-2013-01935
db:BIDid:58557
db:CNNVDid:CNNVD-201303-401

LAST UPDATE DATE

2022-05-17T02:00:04.580000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-01935date:2013-05-22T00:00:00
db:BIDid:58557date:2013-03-18T00:00:00
db:CNNVDid:CNNVD-201303-401date:2013-03-20T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-01935date:2013-03-21T00:00:00
db:BIDid:58557date:2013-03-18T00:00:00
db:CNNVDid:CNNVD-201303-401date:2013-03-20T00:00:00