Cisco CHAP Authentication Vulnerabilities - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A serious security vulnerability (bug ID CSCdi91594) exists in PPP CHAP
authentication in all "classic" Cisco IOS software versions (the
software used on Cisco non-switch products with product numbers greater
than or equal to 1000, on the AGS/AGS+/CGS/MGS, and on the CS-500, but
not on Catalyst switches or on 7xx or 9xx routers) starting with the
introduction of CHAP support in release 9.1(1). The vulnerability
permits attackers with appropriate skills and knowledge to completely
circumvent CHAP authentication. Other PPP authentication methods are
not affected.
A related vulnerability exists in Cisco IOS/700 software (the software
used on 7xx routers). A configuration workaround exists for IOS/700,
and a complete fix for 76x and 77x routers will be included in software
version 4.1(2), due to be released by December, 1997. A fix for 75x
routers is scheduled for the first half of 1998.

See also :

http://www.nessus.org/u?009e80ca
http://www.nessus.org/u?180118a7

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-19971001-chap.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:U/RC:ND)

Family: CISCO

Nessus Plugin ID: 48944 (cisco-sa-19971001-chaphttp.nasl)

Bugtraq ID: 693

CVE ID: CVE-1999-0160