[NEWS] Enterasys Vertical Horizon Switches Multiple Vulnerabilities

From: SecuriTeam (support_at_securiteam.com)
Date: 06/22/05

Next message: SecuriTeam: "[EXPL] PeerCast Remote Format String (Exploit)"

Previous message: SecuriTeam: "[REVS] Second-Order Symlink Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 22 Jun 2005 10:56:35 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Enterasys Vertical Horizon Switches Multiple Vulnerabilities
------------------------------------------------------------------------

SUMMARY

"The <http://www.enterasys.com/> Vertical Horizon VH-2402S2 Fast Ethernet
switch provides 24 10/100 Mbps RJ45 ports and two option slots for
expansion, plus a dedicated management slot. "

Enterasys Vertical Horizon switches contain an undocumented user and
several debugging keyboard shortcuts that allow attackers access and
information to and about the switch.

DETAILS

Vulnerable Systems:
* Vertical Horizon VH-2402S with firmware 02.05.09.07 and prior

Immune Systems:
* Vertical Horizon VH-2402S with firmware 2.05.09.08

An undocumented user "tiger" with a default password "tiger123" allow
unauthorized users to use and gain information about the switches.

There are several debugging keyboard shortcuts of Ctrl-F, Ctrl-B, Ctrl-G
or Ctrl-L when one choose to connect using a serial connection or telnet,
and obtain debug information about the switches. The write commands
available after pressing Ctrl-G can be harmful to the switch - allowing
any valid user including guest user to remotely disable the switch.

Vendor Status:
The vendor has released a firmware that remove the default users and the
debugging shortcuts. The update can be obtained at:
<http://www.enterasys.com/download/download.cgi?lib=vh>
http://www.enterasys.com/download/download.cgi?lib=vh

ADDITIONAL INFORMATION

The information has been provided by <mailto:sq5bpf@andra.com.pl> Jacek
Lipkowski .

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Next message: SecuriTeam: "[EXPL] PeerCast Remote Format String (Exploit)"

Previous message: SecuriTeam: "[REVS] Second-Order Symlink Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NEWS] Cisco Linksys WET11 Password Resetting
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Linksys WET11 is "an Ethernet wireless bridge". ... basic authentication from sniffed packets, ... Upgrade to the latest firmware to deter blind password resetting. ...
(Securiteam)
[NEWS] Belkin Wireless Devices Authentication Bypass Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... * Belkin Wireless Router model F5D7232-4 ... * Firmware version 4.05.03 ...
(Securiteam)