Vulnerability Development mailing list archives
Cisco 2621
From: Ollie Whitehouse <ollie () DELPHISPLC COM>
Date: Thu, 7 Sep 2000 14:22:55 +0100
All,
During a recent attack & penetration test the following was discovered,
thought it might be interesting.
Router : 2621
Software : Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
The router's AUX line had been configured as follows:
line aux 0
no exec
password 7 **********
login
transport input all
The NMAP scan of that network showed the following:
Port State Service
23/tcp open telnet
2065/tcp open dlsrpn
Doing a who on the router showed the following also (this is while a
connection is open on port 2065):
2621router>who
Line User Host(s) Idle Location
65 aux 0 incoming 00:00:32 192.168.0.1
* 66 vty 0 idle 00:00:00 192.168.11.87
No exploitable, but just keep it in mind when you see port 2065 listening
;o).
Rgds
Ollie
-----
Ollie Whitehouse
Security Team Leader
Delphis Consulting
tel: +44 (0)20 79160200
mai: ollie () delphisplc com
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure. Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent. Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
Delphis
Current thread:
- Cisco 2621 Ollie Whitehouse (Sep 07)
- <Possible follow-ups>
- Re: Cisco 2621 Lincoln Yeoh (Sep 08)
- Re: Cisco 2621 Erick B. (Sep 12)
