ID

VAR-200004-0027


CVE

CVE-2000-0267


TITLE

Cisco Catalyst Enable Password Bypass Vulnerability

Trust: 0.9

sources: BID: 1122 // CNNVD: CNNVD-200004-054

DESCRIPTION

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. This can be done either from the console itself or via a remote Telnet session

Trust: 1.26

sources: NVD: CVE-2000-0267 // BID: 1122 // VULHUB: VHN-1846

AFFECTED PRODUCTS

vendor:ciscomodel:catosscope:eqversion:5.4\(1\)

Trust: 1.6

vendor:ciscomodel:catalystscope:eqversion:65005.4.1

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:60005.4.1

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:55005.4.1

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:50005.4.1

Trust: 0.3

vendor:ciscomodel:catalystscope:eqversion:40005.4.1

Trust: 0.3

sources: BID: 1122 // CNNVD: CNNVD-200004-054 // NVD: CVE-2000-0267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0267
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200004-054
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1846
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-0267
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1846
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1846 // CNNVD: CNNVD-200004-054 // NVD: CVE-2000-0267

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0267

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200004-054

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200004-054

EXTERNAL IDS

db:BIDid:1122

Trust: 2.0

db:OSVDBid:1288

Trust: 1.7

db:NVDid:CVE-2000-0267

Trust: 1.7

db:CNNVDid:CNNVD-200004-054

Trust: 0.7

db:CISCOid:20000419 CISCO CATALYST ENABLE PASSWORD BYPASS VULNERABILITY

Trust: 0.6

db:VULHUBid:VHN-1846

Trust: 0.1

sources: VULHUB: VHN-1846 // BID: 1122 // CNNVD: CNNVD-200004-054 // NVD: CVE-2000-0267

REFERENCES

url:http://www.securityfocus.com/bid/1122

Trust: 2.7

url:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml

Trust: 2.7

url:http://www.osvdb.org/1288

Trust: 2.7

url:http://www.cisco.com/warp/public/707/sec_incident_response.shtml

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-1846 // BID: 1122 // CNNVD: CNNVD-200004-054 // NVD: CVE-2000-0267

CREDITS

This vulnerability was announced by Cisco in a security advisory posted to the Bugtraq mailing list on April 19, 2000. The Cisco BugID for this issue is: CSCdr10025

Trust: 0.9

sources: BID: 1122 // CNNVD: CNNVD-200004-054

SOURCES

db:VULHUBid:VHN-1846
db:BIDid:1122
db:CNNVDid:CNNVD-200004-054
db:NVDid:CVE-2000-0267

LAST UPDATE DATE

2024-11-22T23:08:33.326000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1846date:2008-09-10T00:00:00
db:BIDid:1122date:2000-04-20T00:00:00
db:CNNVDid:CNNVD-200004-054date:2005-10-12T00:00:00
db:NVDid:CVE-2000-0267date:2024-11-20T23:32:06.640

SOURCES RELEASE DATE

db:VULHUBid:VHN-1846date:2000-04-20T00:00:00
db:BIDid:1122date:2000-04-20T00:00:00
db:CNNVDid:CNNVD-200004-054date:2000-04-20T00:00:00
db:NVDid:CVE-2000-0267date:2000-04-20T04:00:00