VID | 29149 |
Severity | 30 |
Port | 22 |
Protocol | TCP |
Class | CISCO |
Detailed Description |
The Cisco IOS system allows Telnet access, which is not safe. Because the TCP session is not encrypted, Telnet cannot protect network traffic from sniffing and password-guessing attacks. It is therefore recommended that only the SSH protocol be used.
* Platforms Affected: CISCO IOS |
Recommendation |
Restrict Telnet as follows:
    Router# config terminal
    Router(config)# line vty 0 4
    Router(config-line)# transport input ssh    <- only SSH is allowed
If an access-list allows Telnet access as follows, that access-list should be deleted.
ex) access-list 101 permit tcp 10.10.38.0 0.0.0.255 host 10.10.38.1 eq telnet (or 23)
    Router# config terminal
    Router(config)# no access-list 101 |