CVE-2013-6979

Cisco Ios XE - Authentication Bypass

Title source: rule

Description

The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.

References (5)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6979

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64502

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029537

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89901

[Third Party Advisory, VDB Entry] http://osvdb.org/101351

Scores

EPSS 0.0032

EPSS Percentile 55.1%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

cisco/ios_xe

Timeline

Published Dec 23, 2013

Tracked Since Feb 18, 2026