Vulnerability

    USR TotalSwitch

Affected

    Those using USR TotalSwitch and CoreBuilder

Description

    Adam Maloney posted following. It's about USR TotalSwitch (chassis
    which takes 5  cards, 10 /  100 / fddi  / whatever, and  a network
    management card).  The switch  is managable via snmp, telnet  or a
    console port.   Using the management  features, you can  disable /
    enable  certain  ports,  configure   IP  routes  and  such.    The
    management software  allows you  to set  a password  to access the
    switch (either by telnet or the console).

    Of course, there is a back-door so techs could reset or debug  the
    unit  if  they  didn't  have  the  password.   Unfortunately, this
    backdoor is not limited to the console port like it should be.  It
    is possible to telnet to the switch, enter a "secret code"  (which
    is readily available,  for everyone's sake  it won't be  given out
    here) and do a memory dump to see the plaintext password.

Solution

    3COM  -  limit  this  functionality  to  the  console  port  ONLY.
    End-user - add an access list to filter telnet to your switch's IP
    address from outside your network.   3COM did put out a patch  for
    this,  though  it  was  rather  quietly  -  it  also  effects  all
    CoreBuilder switches.