VID | 29147
Severity | 40
Port | 22
Protocol | TCP
Class | CISCO
Detailed Description | The CISCO IOS system does not apply a VTY access control list. If VTY (Virtual Teletype) lines are used, anyone can access the system through Telnet or SSH. For safe access control, unauthorized users should be restricted by applying a VTY access control list to all VTY lines.
* Platforms Affected: CISCO IOS
Recommendation | Apply a VTY access control list as follows:

    Router# config terminal
    Router(config)# access-list [1-99] {permit|deny} [Source Network] [WildcardMask]
    Router(config)# access-list [1-99] permit any    -> To prevent 'deny' by default
    Router(config)# line vty 0 4
    Router(config)# access-class [1-99] in

ex) To allow access from only 192.168.2.1 to the system

    Router(config)# access-list 1 permit 192.168.2.1
Related URL | (CVE)
Related URL | (SecurityFocus)
Related URL | (ISS)
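The condition described above can be checked offline against a saved configuration. The following is an added example, not part of the original entry or of any scanner's own code: it assumes a running-config in the usual IOS text layout, the function name audit_vty_acl is hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
access-list 1 permit 192.168.2.1
!
line con 0
line vty 0 4
 access-class 1 in
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

def audit_vty_acl(config_text):
    """Return (vty_block, problem) pairs for VTY ranges without a usable inbound ACL."""
    # ACL numbers or names defined anywhere in the configuration.
    defined = set(re.findall(
        r"^(?:ip )?access-list (?:standard |extended )?(\S+)", config_text, re.M))
    blocks, current = {}, None
    for line in config_text.splitlines():
        if re.match(r"^line vty \d+(?: \d+)?\s*$", line):
            current = line.strip()
            blocks[current] = None           # no access-class seen yet
        elif line.startswith(" ") and current:
            ac = re.match(r"^\s+access-class (\S+) in\b", line)
            if ac:
                blocks[current] = ac.group(1)
        else:
            current = None                   # any other top-level line ends the block
    findings = []
    for name, acl in blocks.items():
        if acl is None:
            findings.append((name, "no inbound access-class"))
        elif acl not in defined:
            findings.append((name, f"access-class {acl} is not defined in this config"))
    return findings

if __name__ == "__main__":
    for block, problem in audit_vty_acl(SAMPLE_CONFIG):
        print(f"{block}: {problem}")
```

Every `line vty` range is checked separately because an ACL applied to `line vty 0 4` does not cover additional ranges such as `line vty 5 15`.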