Cisco CBOS Show NAT Output Session Switching Vulnerability

Cisco CBOS is the operating system included on home-based Cisco routers, such as Cisco DSL routers. CBOS is maintained and distributed by Cisco Systems.

A problem in the implementation of some revisions of Cisco CBOS may make it possible for a user to gain access to privileged information. A console handling problem in CBOS allows a client connecting to a Cisco router to view the output of a show nat command if the client's connection is negotiated while the command is executing.

This makes it possible for a user without show privileges to gain access to privileged information, which can be used in an information gathering attack and potentially to map the network.


