Detections
Analytics

ACC Tigris Access Terminal Configuration Disclosure

medium Nessus Plugin ID 10351

Synopsis

The remote router is affected by an information disclosure vulnerability.

Description

The remote router is an ACC Tigris Terminal Server. Some software versions on this router will allow an attacker to run the SHOW command without first providing authentication. An attacker could exploit this to read part of the router's configuration.

In addition there is a 'public' account with a default password of 'public' which would allow an attacker to execute non-privileged commands on the host.

Solution

Add access entries to the server to allow access only from authorized staff.

See Also

https://seclists.org/bugtraq/1999/Jan/23

https://seclists.org/bugtraq/1999/Jan/32

Plugin Details

Severity: Medium

ID: 10351

File Name: acc.nasl

Version: 1.27

Type: remote

Family: Misc.

Published: 3/21/2000

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/3/1999

Reference Information

CVE: CVE-1999-0383

BID: 183