CVE Vulnerabilities

CVE-2013-6979

Improper Authentication

Published: Dec 23, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.4 MEDIUM
AV:N/AC:H/Au:N/C:C/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Ios_xe Cisco - -

Potential Mitigations

References