Affected Systems:
Cisco IOS 9.14
Cisco IOS 12.0.7
Cisco IOS 12.0.6
Cisco IOS 12.0.5
Cisco IOS 12.0.4T
Cisco IOS 12.0.4S
Cisco IOS 12.0.4
Cisco IOS 12.0.3T2
Cisco IOS 12.0.2XG
Cisco IOS 12.0.2XF
Cisco IOS 12.0.2XD
Cisco IOS 12.0.2XC
Cisco IOS 12.0.2
Cisco IOS 12.0.1XE
Cisco IOS 12.0.1XB
Cisco IOS 12.0.1XA3
Cisco IOS 12.0.1W
Cisco IOS 12.0 T
Cisco IOS 12.0 S
Cisco IOS 12.0DB
Cisco IOS 12.0 (9) S
Cisco IOS 12.0 (8)
Cisco IOS 12.0 (7) T
Cisco IOS 12.0 (5) T1
Cisco IOS 12.0
Cisco IOS 11.2.9XA
Cisco IOS 11.2.9P
Cisco IOS 11.2.8SA5
Cisco IOS 11.2.8SA3
Cisco IOS 11.2.8SA1
Cisco IOS 11.2.8P
Cisco IOS 11.2.8
Cisco IOS 11.2.4F1
Cisco IOS 11.2.10BC
Cisco IOS 11.2.10
Cisco IOS 11.2 P
Cisco IOS 11.2 (17)
Cisco IOS 11.2
Cisco IOS 11.1.17CT
Cisco IOS 11.1.17CC
Cisco IOS 11.1.16IA
Cisco IOS 11.1.16AA
Cisco IOS 11.1.16
Cisco IOS 11.1.15CA
Cisco IOS 11.1.13IA
Cisco IOS 11.1.13CA
Cisco IOS 11.1.13AA
Cisco IOS 11.1.13
Cisco IOS 11.1
Cisco Router 7500.0
Cisco Router 7200.0
Cisco Router 4000.0
Cisco Router 3600.0
Cisco Router 2600.0
Cisco Router 2500.0
Description: The online help system in many Cisco IOS releases has a flaw that may expose sensitive information. The vulnerability allows a low-privilege user (for example, one who does not know the 'enable' password) to view information that, in theory, should be visible only to users who know the 'enable' password, including access control lists and other content. Normally, after logging in as a low-level user (level 1), typing "show ?" displays only part of the show command list, while the 'enable' user can see all of the commands. On a Cisco 3640 router running IOS 12.0(5) there are 75 show commands, and in 'disable' mode "show ?" displays only some of them. However, this only keeps the system from displaying the remaining commands; they still exist and can be executed. Only 13 are actually restricted, and the other 62 remain executable. For example, "show access-lists", "show ip", "show cdp", "show logging" and "show vlans" are not listed by the help system but can still be run. This may leak sensitive information to low-level users (or potential attackers).
Suggestions:
- Set the default login privilege level to 0.
- Use "privilege exec" to specify explicitly which commands level 0 users are allowed to execute.
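As an added illustration of the two suggestions above (this configuration is not part of the original advisory), the following IOS configuration fragment lowers the default privilege level on the vty lines to 0 and then grants a level-0 user only a minimal set of harmless show commands. The username "lowpriv" and the password placeholder are assumptions; at level 0 a user otherwise has only the disable, enable, exit, help and logout commands, so commands such as "show access-lists" are rejected rather than merely hidden from "show ?".

```cisco
! Added example, not the advisory's own text. Default every vty login to
! privilege level 0 and require local authentication.
line vty 0 4
 privilege level 0
 login local
!
! Assumed low-privilege account; replace <PLACEHOLDER-PASSWORD> with a real secret.
username lowpriv privilege 0 secret <PLACEHOLDER-PASSWORD>
!
! Explicitly allow only these show commands at level 0. Everything else,
! including the commands named in the advisory, stays at its default level
! (1 or 15) and is therefore unavailable to a level-0 session.
privilege exec level 0 show version
privilege exec level 0 show clock
```

To check the result, log in as the low-privilege user and run "show privilege"; the router should report "Current privilege level is 0", and "show ?" should list only the commands granted above. Note that assigning a multi-word command (for example "show ip interface brief") to a lower level also lowers its parent keywords, so keep the allow-list to commands whose shorter forms do not reveal anything sensitive.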
Article entry: csh; responsible editor: csh