CVE-2007-4632 Information

Description

Cisco IOS 12.2E 12.2F and 12.2S places a \no login\ line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled which allows remote attackers to bypass authentication and obtain a terminal session a different vulnerability than CVE-1999-0293 and CVE-2005-2105.

Reference

http://www.cisco.com/en/US/products/products_security_response09186a00808ae4ca.html http://www.securityfocus.com/bid/25482 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5866