ID
VAR-199710-0036
TITLE
Cisco IOS CHAP Authentication Vulnerabilities
Trust: 0.3
DESCRIPTION
Cisco IOS software is reported prone to an authentication bypass vulnerability. This vulnerability presents itself in PPP CHAP authentication used by IOS. A remote attacker may bypass authentication to gain unauthorized access to vulnerable device. Cisco non-switch products with product numbers greater than or equal to 1000, AGS/AGS+/CGS/MGS, and CS-500 products are vulnerable to this issue. Another vulnerability related to the issue described above affects Cisco IOS/700 software. This issue can allow a remote attacker to establish an unauthorized PPP connection to a device that is running the vulnerable application. This attack requires the device to be using CHAP authentication and the attacker needs to modify code for a vulnerable PPP/CHAP implementation.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios/700 | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios 11.2p | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 11.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 11.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 11.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 10.3 | Trust: 0.3 |
| vendor: | cisco | model: | ios/700 | scope: | ne | version: | 4.1.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios p | scope: | ne | version: | 11.2.8 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | ne | version: | 11.2.8 | Trust: 0.3 |
| vendor: | cisco | model: | ios f1 | scope: | ne | version: | 11.2.4 | Trust: 0.3 |
| vendor: | cisco | model: | ios ia | scope: | ne | version: | 11.1.13 | Trust: 0.3 |
| vendor: | cisco | model: | ios ca | scope: | ne | version: | 11.1.13 | Trust: 0.3 |
| vendor: | cisco | model: | ios aa | scope: | ne | version: | 11.1.13 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | ne | version: | 11.1.13 | Trust: 0.3 |
| vendor: | cisco | model: | ios bt | scope: | ne | version: | 11.0.17 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | ne | version: | 11.0.17 | Trust: 0.3 |
| vendor: | cisco | model: | ios a | scope: | ne | version: | 10.3.19 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 693 | Trust: 0.3 |
REFERENCES
| url: | http://www.cisco.com/warp/public/707/sec_incident_response.shtml | Trust: 0.3 |
CREDITS
This vulnerability was first reported by Cisco on 1 October 1997.
Trust: 0.3
SOURCES
| db: | BID | id: | 693 |
LAST UPDATE DATE
2022-05-17T01:57:30.078000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 693 | date: | 1997-10-01T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 693 | date: | 1997-10-01T00:00:00 |