Vulnerability

    Cisco Catalyst

Affected

    All users of Cisco Catalyst 4000, 5000, 5500, 6000 and 6500 with the software version 5.4(1) only

Description

    The following is based on a Cisco Security Advisory. Cisco Catalyst software permits unauthorized access to the enable mode in the 5.4(1) release. Once initial access is granted, access can be obtained for the higher level "enable" mode without a password. This problem is resolved in version 5.4(2). Customers with vulnerable releases are urged to upgrade as soon as possible.

    This vulnerability has been assigned Cisco bug ID CSCdr10025. The affected image names are as follows:

        cat4000_5-4-1.bin
        cat5000-supg_5-4-1.bin
        cat5000-Sup_5-4-1.bin
        cat5000-Sup3_5-4-1.bin
        cat6000-Sup_5-4-1.bin

    No other releases of Cisco Catalyst software are affected by this vulnerability. No other Cisco products are affected by this vulnerability.

    Anyone who can obtain ordinary console access to an affected switch can bypass password authentication to obtain "enable" mode access without knowledge of the "enable" password. This vulnerability can be exploited through the network using telnet or via the physical console.

    This problem was introduced in software version 5.4(1), and is corrected in version 5.4(2). Due to this defect, software version 5.4(1) is deferred. Customers are urged to upgrade to version 5.4(2).

    This vulnerability permits unauthorized access to the configuration mode and unauthorized configuration changes on a Catalyst switch.

Solution

    Cisco is offering free software upgrades to remedy this vulnerability for all affected customers. Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained via the Software Center on Cisco's World Wide Web site at http://www.cisco.com.

    There are no known workarounds for this vulnerability. Strictly limiting telnet access to the device will prevent the initial connection required to exploit this vulnerability. Telnet access can be controlled with the following command set:

        set ip permit <address> <mask> telnet
        set ip permit enable

    This command set will deny all traffic not specified in the permit statement.
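
    An inventory check built on the two facts above, as an added example that is not part of the Cisco advisory: it flags switches running one of the listed 5.4(1) images and reports whether the telnet permit list from the command set is actually enabled in the saved configuration. The host names, addresses, the 5.4(2) file name and the status labels are constructed for illustration; treating an enabled but empty list as unrestricted is a conservative assumption.

```python
import re

# Image names the advisory lists as affected (release 5.4(1) only).
AFFECTED_IMAGES = {n.lower() for n in (
    "cat4000_5-4-1.bin", "cat5000-supg_5-4-1.bin", "cat5000-Sup_5-4-1.bin",
    "cat5000-Sup3_5-4-1.bin", "cat6000-Sup_5-4-1.bin")}
# Matches the advisory's "set ip permit <address> <mask> telnet" form.
PERMIT_RE = re.compile(r"^set ip permit (\S+) (\S+) telnet$")

def telnet_permit_state(config_text):
    """Return (enabled, entries) for the telnet permit list in a saved config."""
    enabled, entries = False, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if line == "set ip permit enable":
            enabled = True
        elif (m := PERMIT_RE.match(line)):
            entries.append((m.group(1), m.group(2)))
    return enabled, entries

def assess(image_name, config_text):
    """Classify one switch from its image file name and saved configuration."""
    enabled, entries = telnet_permit_state(config_text)
    if image_name.lower() not in AFFECTED_IMAGES:
        status = "not-affected"
    elif enabled and entries:
        # Telnet path narrowed; the physical console path is untouched.
        status = "affected-telnet-restricted"
    else:
        # List disabled or empty: treated as unrestricted (conservative choice).
        status = "affected-telnet-open"
    return {"status": status, "permit_enabled": enabled, "telnet_entries": entries}

# Constructed sample data (hypothetical host names, documentation addresses).
RESTRICTED_CFG = """\
set ip permit 192.0.2.0 255.255.255.0 telnet
set ip permit enable
"""
OPEN_CFG = "set ip permit 192.0.2.0 255.255.255.0 telnet\n"  # list never enabled
INVENTORY = {
    "sw-core-1": ("cat6000-Sup_5-4-1.bin", RESTRICTED_CFG),
    "sw-edge-7": ("cat5000-Sup3_5-4-1.bin", OPEN_CFG),
    "sw-lab-2": ("cat4000_5-4-2.bin", OPEN_CFG),  # constructed 5.4(2) name
}

def report(inventory=INVENTORY):
    return {host: assess(img, cfg)["status"] for host, (img, cfg) in inventory.items()}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

    A switch reported as affected-telnet-restricted still needs the upgrade to 5.4(2), since the permit list does nothing for the physical console path.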