Vulnerabilities > CVE-1999-0383 - Unspecified vulnerability in ACC Tigris 10.5.8
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
ACC Tigris allows public access without a login.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Default Unix Accounts NASL id ACCOUNT_PUBLIC_PUBLIC.NASL description The account last seen 2020-06-01 modified 2020-06-02 plugin id 17290 published 2005-03-08 reporter This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17290 title Default Password (public) for 'public' Account code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: tries the fixed login public/public over SSH and then telnet and
# reports each port on which check_account() returns a true value.

# Credential pair this plugin tries against the remote host.
account = "public";
password = "public";

include("compat.inc");

# When `description` is set the script only registers the metadata below and
# exits; no login is attempted in this branch.
if (description)
{
  script_id(17290);
  script_version ("1.35");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  # Two CVE ids are attached to this one check, so a finding from this plugin
  # does not by itself say which of the two entries applies to the host.
  script_cve_id("CVE-1999-0383", "CVE-1999-0502");
  script_bugtraq_id(183);

  script_name(english:"Default Password (public) for 'public' Account");
  script_summary(english:"Attempts to log in to the remote host.");

  script_set_attribute(attribute:"synopsis", value: "The remote system can be accessed with a default user account.");
  script_set_attribute(attribute:"description", value: "The account 'public' on the remote host has the password 'public'. 
An attacker may use this to gain further privileges on this system.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Jan/23" );
  script_set_attribute(attribute:"solution", value: "Set a password for this account or disable it.");
  # The two base vectors rate impact differently: partial C/I/A under CVSS2,
  # high C/I/A under CVSS 3.0. Triage should state which one it uses.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:TF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:T/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  # NOTE(review): exploit_available is "false" while exploit_framework_metasploit
  # is "true" and a module name is given; these attributes disagree, so confirm
  # which one downstream reporting relies on.
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"1999/01/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/08");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"default_account", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Default Unix Accounts");

  script_copyright(english:"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl");
  script_require_ports("Services/telnet", 23, "Services/ssh", 22);
  # Presumably keeps the plugin out of scans limited to supplied logins;
  # the same setting is checked again at run time below.
  script_exclude_keys("global_settings/supplied_logins_only");

  exit(0);
}

#

include("audit.inc");
include("default_account.inc");
include("global_settings.inc");

# audit() comes from audit.inc (not shown); it is expected to end the script
# here when only operator-supplied logins may be used.
if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

# The login attempt is skipped unless thorough tests or
# 'Settings/test_all_accounts' is enabled, so a scan run without either
# setting gives no evidence about this account in either direction.
if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts")) exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");

affected = FALSE;
ssh_ports = get_service_port_list(svc: "ssh", default:22);
foreach port (ssh_ports)
{
  # The result of check_account() overwrites the loop variable; a true value
  # is then used as the port number in the report.
  port = check_account(login:account, password:password, port:port, svc:"ssh");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
# Telnet is tried only when no SSH port accepted the credentials, so a host
# reported on SSH may still expose the same account on telnet unreported.
if(affected) exit(0);

telnet_ports = get_service_port_list(svc: "telnet", default:23);
foreach port (telnet_ports)
{
  port = check_account(login:account, password:password, port:port, svc:"telnet");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
# Neither service accepted the credentials: record the host as not affected.
if(!affected) audit(AUDIT_HOST_NOT, "affected");
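NASL family Misc. NASL id ACC.NASL description The remote router is an ACC Tigris Terminal Server. Some software versions on this router will allow an attacker to run the SHOW command without first providing authentication. An attacker could exploit this to read part of the router last seen 2020-06-01 modified 2020-06-02 plugin id 10351 published 2000-03-21 reporter This script is Copyright (C) 2000-2018 Sebastian Andersson source https://www.tenable.com/plugins/nessus/10351 title ACC Tigris Access Terminal Configuration Disclosure code
#
#
# This script was written by Sebastian Andersson <[email protected]>
#
# Changes by Tenable:
# - french description, script id, cve id [RD]
# - changed family (9/6/09)
#
# See the Nessus Scripts License for details
#
# Purpose: connects to the telnet service, sends SHOW at the login prompt
# without authenticating, and raises a warning when the reply contains
# configuration keywords (SET / ADD / RESET).

include("compat.inc");

# When `description` is set the script only registers metadata and exits.
if(description)
{
  script_id(10351);
  script_version ("1.27");
  script_cve_id("CVE-1999-0383");
  script_bugtraq_id(183);

  script_name(english:"ACC Tigris Access Terminal Configuration Disclosure");
  script_summary(english:"Checks for ACC SHOW command bug");

  script_set_attribute(attribute:"synopsis", value: "The remote router is affected by an information disclosure vulnerability." );
  # The description names two issues (unauthenticated SHOW and the
  # public/public account); the code below tests only the SHOW command.
  script_set_attribute(attribute:"description", value: "The remote router is an ACC Tigris Terminal Server. Some software versions on this router will allow an attacker to run the SHOW command without first providing authentication. An attacker could exploit this to read part of the router's configuration. In addition there is a 'public' account with a default password of 'public' which would allow an attacker to execute non-privileged commands on the host." );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Jan/23" );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Jan/32" );
  script_set_attribute(attribute:"solution", value: "Add access entries to the server to allow access only from authorized staff."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_publication_date", value: "2000/03/21");
  script_set_attribute(attribute:"vuln_publication_date", value: "1999/01/03");
  script_cvs_date("Date: 2018/11/15 20:50:23");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2000-2018 Sebastian Andersson");
  script_family(english:"Misc.");
  script_dependencies("find_service1.nasl");
  script_require_ports("Services/telnet", 23);
  exit(0);
}

#
# The script code starts here
#
include('telnet_func.inc');

# Use the telnet port recorded in the knowledge base, else the default 23.
port = get_kb_item("Services/telnet");
if (!port) port = 23;
if (! get_port_state(port)) exit(0, "Port "+port+" is closed.");

banner = get_telnet_banner(port:port);
if ( ! banner) exit(1, "No telnet banner on port "+port+".");
# NOTE(review): this exits when the banner CONTAINS "Login:", yet the test
# below only runs when the negotiated first line contains "Login:". If
# get_telnet_banner() returns that same text, the SHOW check can never run
# and the plugin reports nothing on an affected device. The exit message
# suggests `>!<` was intended; confirm against telnet_func.inc before
# relying on a clean result from this plugin.
if ("Login:" >< banner ) exit(0, "Invalid telnet banner on port "+port+".");

soc = open_sock_tcp(port);
if (! soc) exit(1, "Could not connect to TCP port "+port+".");

first_line = telnet_negotiate(socket:soc);
if("Login:" >< first_line)
{
  # 0x15 is the ASCII NAK (Ctrl-U) byte; presumably it clears any pending
  # input before SHOW is sent. TODO confirm.
  req = '\x15SHOW\r\n';
  send(socket:soc, data:req);
  # Two lines are read and only the second is inspected; the first is
  # presumably the echoed command. TODO confirm.
  r = recv_line(socket:soc, length:1024);
  r = recv_line(socket:soc, length:1024);
  if(("SET" >< r) || ("ADD" >< r) || ("RESET" >< r))
  {
    security_warning(port);
    # cleanup the router...
    # Drain the paged output until RESET appears, answering the pager with Q.
    while("RESET" >!< r)
    {
      if("Type 'Q' to quit" >< r)
      {
        send(socket:soc, data:"Q");
        close(soc);
        exit(0);
      }
      r = recv(socket:soc, length:1024);
      # Stop when the peer closed the connection or the read timed out.
      # Without this, an empty read never matches RESET or the pager prompt
      # and the loop would spin forever, stalling the scan.
      if (isnull(r) || strlen(r) == 0) break;
    }
  }
}
close(soc);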