Cisco CSS command line interface could allow read access to files and directories

cisco-ccs-file-access (6031)

The risk level is classified as Medium Risk.

Description:

The Cisco Content Services Switch (CSS), also known as Arrowpoint, could allow a remote attacker to gain read access to files and directories using a vulnerability in the command line interface (CLI). The switch is not enabled for command line access by default. To enable CLI access to the switch, an administrator must configure management address user accounts. A remote attacker with a valid user account could request a non-existent file name to view a directory listing, and then use the directory structure information to gain read access to files.

The vulnerable switches are Cisco CSS 11050, CSS 11150, and CSS 11800.

Platforms Affected:

  • Cisco, Content Services Switch 11050
  • Cisco, Content Services Switch 11150
  • Cisco, Content Services Switch 11800

Remedy:

Contact the Cisco Technical Assistance Center for upgrade or patch information. See References.

As a workaround, restrict access to the switch by configuring access control lists, or disable the Telnet service on the switch.

Consequences:

Obtain Information

References:

Reported:

Jan 31, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
