{"vuid":"VU#833459","idnumber":"833459","name":"Cisco SN 5420 Storage Router fails to properly authenticate user before granting read access to configuration file","keywords":["Cisco SN 5420 Storage Router","poor authentication","read access","configuration file"],"overview":"It is possible to read the stored configuration file from the Cisco SN 5420 Storage Router without any authorization. This can lead to an intruder gaining access to the storage space on the router.","clean_desc":"A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.1(5) and earlier. An intruder can read the configuration file of the router without authorization. This can lead to access of the storage space. Cisco has released an advisory to address this issue, it is available at http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml.","impact":"An intruder can gain unauthorized access to the storage space after reading the configuration file of the storage router.","resolution":"This vulnerability is fixed in release 1.1(7) of the software. Please see Cisco's advisory for instructions on how to obtain the updated software for free. Cisco notes that version 1.1(6) of the software was never released.","workarounds":"You can limit your exposure to this vulnerability by using a firewall to restrict access to your network. Note that this does not protect you against attackers from within your network.","sysaffected":"","thanks":"Our thanks to Cisco for the information provided in their advisory.","author":"This document was written by Jason Rafail.","public":["http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml","http://www.securityfocus.com/bid/3832"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-01-09T22:12:47Z","publicdate":"2002-01-09T00:00:00Z","datefirstpublished":"2002-01-14T15:37:15Z","dateupdated":"2002-01-14T15:37:51Z","revision":16,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"15","cam_easeofexploitation":"17","cam_attackeraccessrequired":"13","cam_scorecurrent":"15.5390625","cam_scorecurrentwidelyknown":"18.646875","cam_scorecurrentwidelyknownexploited":"31.078125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.5390625,"vulnote":null}