From: Mike Schlenger (mschlenger@meridianitsolutions.com)
Date: Fri Apr 25 2003 - 12:20:36 GMT-3
Michael Schlenger
CCIE #7079
Meridian IT Solutions
mschlenger@meridianitsolutions.com
847.592.3912
-----Original Message-----
From: CCO Field Notice [mailto:cco-pat-bouncehandler@external.cisco.com]
Sent: Friday, April 25, 2003 10:17 AM
To: mschlenger@n2nsolutions.com
Subject: Cisco Security Advisory: Cisco Catalyst Enable Password Bypass
Vulnerability
This e-mail is coming to you courtesy of the Cisco.com
Field Notice tool. Thank you for indicating through your
interest profile that you wish to receive these alerts.
Want to change your Alert Profile or create a new one?
Please go to:
http://www.cisco.com/cgi-bin/Support/FieldNoticeTool/field-notice
Title: Cisco Security Advisory: Cisco Catalyst Enable Password
Bypass Vulnerability
URL:
http://www.cisco.com/warp/customer/707/cisco-sa-20030424-catos.shtml
(available to registered users)
http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml
(available to non-registered users)
Posted: April 24, 2003
Summary: Cisco Catalyst software permits unauthorized access to the
enable mode in the 7.5(1) release. Once initial access is
granted,
access can be obtained for the higher level "enable" mode
without a
password. This problem is resolved in version 7.6(1). Customers
with
vulnerable releases are urged to upgrade as soon as possible.
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:06 GMT-3