ID

VAR-200005-0033


CVE

CVE-2000-0345


TITLE

Cisco Router Online Help Vulnerability

Trust: 0.9

sources: BID: 1161 // CNNVD: CNNVD-200005-023

DESCRIPTION

The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command. This information is comprised of access lists among other things. The help system itself does not list these items as being available via the 'show' commands yet none the less it will execute them. The message which detailed this vulnerability to the Bugtraq mailing list is attached in the 'Credit' section of this vulnerability entry. It is suggested that you read it if this vulnerability affects your infrastructure

Trust: 1.26

sources: NVD: CVE-2000-0345 // BID: 1161 // VULHUB: VHN-1924

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:11.1

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)ia

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(15\)ca

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(17\)cc

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)ca

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(16\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(16\)aa

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(16\)ia

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.1\(13\)aa

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:9.14

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:12.0

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:11.2

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:11.2p

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(6\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(9\)s

Trust: 1.0

vendor:ciscomodel:router 4000scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.1\(17\)ct

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(10\)bc

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xe

Trust: 1.0

vendor:ciscomodel:router 2600scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xd

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)w

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)p

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(9\)xa

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xf

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xa3

Trust: 1.0

vendor:ciscomodel:router 7200scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xc

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0db

Trust: 1.0

vendor:ciscomodel:router 2500scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:router 3600scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(10\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(3\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(7\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(8\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)sa3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xg

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)sa5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xb

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(17\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)sa1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(4\)f1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2\(9\)p

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0t

Trust: 1.0

vendor:ciscomodel:router 7500scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0.7

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.6

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.5

Trust: 0.3

vendor:ciscomodel:ios tscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios sscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios t2scope:eqversion:12.0.3

Trust: 0.3

vendor:ciscomodel:ios xgscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xfscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xdscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xcscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xescope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios xbscope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios xa3scope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios wscope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios bcscope:eqversion:11.2.10

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2.10

Trust: 0.3

vendor:ciscomodel:ios xascope:eqversion:11.2.9

Trust: 0.3

vendor:ciscomodel:ios pscope:eqversion:11.2.9

Trust: 0.3

vendor:ciscomodel:ios sa5scope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios sa3scope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios sa1scope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios pscope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios f1scope:eqversion:11.2.4

Trust: 0.3

vendor:ciscomodel:ios ctscope:eqversion:11.1.17

Trust: 0.3

vendor:ciscomodel:ios ccscope:eqversion:11.1.17

Trust: 0.3

vendor:ciscomodel:ios iascope:eqversion:11.1.16

Trust: 0.3

vendor:ciscomodel:ios aascope:eqversion:11.1.16

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.1.16

Trust: 0.3

vendor:ciscomodel:ios cascope:eqversion:11.1.15

Trust: 0.3

vendor:ciscomodel:ios iascope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:ios cascope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:ios aascope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.1.13

Trust: 0.3

vendor:ciscomodel:ios 12.0tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0dbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0 sscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0(8)

Trust: 0.3

vendor:ciscomodel:ios 12.0 tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0 t1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2pscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2(17)

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:7500.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:7200.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:4000.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:3600.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:2600.0

Trust: 0.3

vendor:ciscomodel:hsrpscope:eqversion:2500.0

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:7500

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:7200

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:4000

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:3600

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:2600

Trust: 0.3

vendor:ciscomodel: - scope:eqversion:2500

Trust: 0.3

sources: BID: 1161 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0345
value: LOW

Trust: 1.0

CNNVD: CNNVD-200005-023
value: LOW

Trust: 0.6

VULHUB: VHN-1924
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2000-0345
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1924
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1924 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0345

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200005-023

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200005-023

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1924

EXTERNAL IDS

db:BIDid:1161

Trust: 2.0

db:NVDid:CVE-2000-0345

Trust: 2.0

db:CNNVDid:CNNVD-200005-023

Trust: 0.7

db:BUGTRAQid:20000502 POSSIBLE ISSUE WITH CISCO ON-LINE HELP?

Trust: 0.6

db:VULHUBid:VHN-1924

Trust: 0.1

sources: VULHUB: VHN-1924 // BID: 1161 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

REFERENCES

url:http://www.securityfocus.com/bid/1161

Trust: 2.7

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail%40securityfocus.com

Trust: 2.0

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com

Trust: 0.6

url:http://www.cisco.com/warp/public/707/sec_incident_response.shtml

Trust: 0.3

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com

Trust: 0.1

sources: VULHUB: VHN-1924 // BID: 1161 // CNNVD: CNNVD-200005-023 // NVD: CVE-2000-0345

CREDITS

This bug was discovered and documented by Fernando Montenegro fsmontenegro@iname.com and Claudio Silotto (csilotto@hotmail.com). The message detailing this vulnerability was sent to the Bugtraq mailing list on 2 May 2000.

Trust: 0.9

sources: BID: 1161 // CNNVD: CNNVD-200005-023

SOURCES

db:VULHUBid:VHN-1924
db:BIDid:1161
db:CNNVDid:CNNVD-200005-023
db:NVDid:CVE-2000-0345

LAST UPDATE DATE

2024-11-22T23:00:11.139000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1924date:2008-09-10T00:00:00
db:BIDid:1161date:2009-07-11T01:56:00
db:CNNVDid:CNNVD-200005-023date:2005-10-20T00:00:00
db:NVDid:CVE-2000-0345date:2024-11-20T23:32:17.483

SOURCES RELEASE DATE

db:VULHUBid:VHN-1924date:2000-05-03T00:00:00
db:BIDid:1161date:2000-05-03T00:00:00
db:CNNVDid:CNNVD-200005-023date:2000-05-03T00:00:00
db:NVDid:CVE-2000-0345date:2000-05-03T04:00:00