ACC Tigris Access Terminal Configuration Disclosure

This script is Copyright (C) 2000-2011 Sebastian Andersson


Synopsis :

The remote router is affected by an information disclosure
vulnerability.

Description :

The remote router is an ACC Tigris Terminal Server. Some software
versions on this router will allow an attacker to run the SHOW command
without first providing authentication. An attacker could exploit
this to read part of the router's configuration.

In addition, there is a 'public' account with a default password of
'public', which would allow an attacker to execute non-privileged
commands on the host.

See also :

http://archives.neohapsis.com/archives/bugtraq/1999_1/0023.html
http://archives.neohapsis.com/archives/bugtraq/1999_1/0032.html

Solution :

Add access entries to the server to allow access only from authorized
staff.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 6.1
(CVSS2#E:F/RL:U/RC:ND)

Family: Misc.

Nessus Plugin ID: 10351 (acc.nasl)

Bugtraq ID: 183

CVE ID: CVE-1999-0383