ACC Tigris Access Terminal Configuration Disclosure

This script is Copyright (C) 2000-2016 Sebastian Andersson


Synopsis :

The remote router is affected by an information disclosure
vulnerability.

Description :

The remote router is an ACC Tigris Terminal Server. Some software
versions on this router will allow an attacker to run the SHOW command
without first providing authentication. An attacker could exploit
this to read part of the router's configuration.

In addition there is a 'public' account with a default password of
'public' which would allow an attacker to execute non-privileged
commands on the host.

See also :

http://seclists.org/bugtraq/1999/Jan/23
http://seclists.org/bugtraq/1999/Jan/32

Solution :

Add access entries to the server to allow access only from authorized
staff.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 6.1
(CVSS2#E:F/RL:U/RC:ND)

Family: Misc.

Nessus Plugin ID: 10351 (acc.nasl)

Bugtraq ID: 183

CVE ID: CVE-1999-0383

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now