ACC Tigris Access Terminal Configuration Disclosure

This script is Copyright (C) 2000-2011 Sebastian Andersson


Synopsis :

The remote router is affected by an information disclosure
vulnerability.

Description :

The remote router is an ACC Tigris Terminal Server. Some software
versions on this router will allow an attacker to run the SHOW command
without first providing authentication. An attacker could exploit
this to read part of the router's configuration.

In addition there is a 'public' account with a default password of
'public' which would allow an attacker to execute non-privileged
commands on the host.

See also :

http://archives.neohapsis.com/archives/bugtraq/1999_1/0023.html
http://archives.neohapsis.com/archives/bugtraq/1999_1/0032.html

Solution :

Add access entries to the server to allow access only from authorized
staff.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 6.1
(CVSS2#E:F/RL:U/RC:ND)

Family: Misc.

Nessus Plugin ID: 10351 (acc.nasl)

Bugtraq ID: 183

CVE ID: CVE-1999-0383

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial