Bugtraq mailing list archives

Cisco 6509 switch telnet vulnerability

From: Chris Norton <kicktd () hotmail com>
Date: 3 Oct 2003 00:03:26 -0000



A vulnerability has been found on Cisco 6509 switches. The vulnerability was found to work on 2 different Cisco 6509 
switches running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to information and commands being exectued on the 
remote switch from the login prompt. Commands can be exectued at the Enter password: prompt as long as they are 
followed by a space and a ?
Proof of concept below:
Cisco Systems Console

Enter password:
<data_size>                Size of the packet (0..1420)
<cr>                       
Enter password: traceroute 127.0.0.1

This vulnerability has yet to be confirmed by Cisco but they have been alerted about it.

Current thread:

Cisco 6509 switch telnet vulnerability Chris Norton (Oct 03)
- Re: Cisco 6509 switch telnet vulnerability Wendy Garvin (Oct 04)
- Re: Cisco 6509 switch telnet vulnerability Bob Niederman (Oct 04)
  - Re: Cisco 6509 switch telnet vulnerability twig les (Oct 06)