ACC Tigris Access Terminal Configuration Disclosure

Medium Nessus Plugin ID 10351

Synopsis

The remote router is affected by an information disclosure vulnerability.

Description

The remote router is an ACC Tigris Terminal Server. Some software versions on this router will allow an attacker to run the SHOW command without first providing authentication. An attacker could exploit this to read part of the router's configuration.

In addition there is a 'public' account with a default password of 'public' which would allow an attacker to execute non-privileged commands on the host.

Solution

Add access entries to the server to allow access only from authorized staff.

See Also

https://seclists.org/bugtraq/1999/Jan/23

https://seclists.org/bugtraq/1999/Jan/32

Plugin Details

Severity: Medium

ID: 10351

File Name: acc.nasl

Version: 1.27

Type: remote

Family: Misc.

Published: 2000/03/21

Updated: 2018/11/15

Dependencies: 17975

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1999/01/03

Reference Information

CVE: CVE-1999-0383

BID: 183