Cisco Catalyst Enable Password Bypass Vulnerability

On certain versions of the Cisco Catalyst, a user who already has access to the device can elevate that access to 'enable' mode without supplying a password. Once in 'enable' mode, the user can enter configuration mode and make unauthorized configuration changes to the Catalyst switch.

This can be done either from the console itself or via a remote Telnet session.


 

Copyright 2010, SecurityFocus