How to remediate – ACC Tigris Access Terminal Configuration Disclosure

1. Introduction

ACC Tigris Access Terminal Configuration Disclosure is an information disclosure vulnerability affecting ACC Tigris Terminal Servers. This allows attackers to read parts of a router’s configuration without authentication, potentially exposing sensitive details like network settings and credentials. Affected systems are typically routers running vulnerable software versions. Confidentiality may be impacted due to the exposure of configuration data.

2. Technical Explanation

The vulnerability occurs because some ACC Tigris Terminal Server software versions allow the ‘SHOW’ command to be executed without authentication. Additionally, a default account (‘public’) exists with the password ‘public’, enabling non-privileged command execution. An attacker can exploit this by connecting to the router and using the unauthenticated ‘SHOW’ command or logging in as the ‘public’ user. CVE-1999-0383 describes this issue.

  • Root cause: Lack of authentication checks on the ‘SHOW’ command and a default account with a weak password.
  • Exploit mechanism: An attacker connects to the router, either using Telnet or SSH, and executes commands without providing credentials or by logging in as ‘public’ with the password ‘public’.
  • Scope: ACC Tigris Terminal Servers running affected software versions.

3. Detection and Assessment

To confirm vulnerability, check the router’s software version and test command execution without authentication.

  • Quick checks: Connect to the router via Telnet or SSH and attempt to run the ‘SHOW’ command without logging in.
  • Scanning: Nessus plugin 183 may detect this vulnerability, but results should be verified manually.
  • Logs and evidence: Check router logs for successful execution of the ‘SHOW’ command by unauthenticated users or logins from the ‘public’ account.
telnet <router_ip>

4. Solution / Remediation Steps

Restrict access to the server to authorized staff only.

4.1 Preparation

  • No services need to be stopped for this remediation. A roll back plan is to restore the previous configuration if issues occur.
  • Changes should be made during a scheduled maintenance window with appropriate approval from IT management.

4.2 Implementation

  1. Step 1: Configure access control lists (ACLs) on the router to allow only authorized staff IP addresses to connect.
  2. Step 2: Change the default password for the ‘public’ account to a strong, unique password.

4.3 Config or Code Example

Before

! No access control configured for remote access

After

! IOS-style syntax, shown for illustration; adapt to the device's own command set
! Allow the authorized staff network
access-list 10 permit 192.168.1.0 0.0.0.255
! Deny all other access
access-list 10 deny any
line vty 0 4
  access-class 10 in

4.4 Security Practices Relevant to This Vulnerability

  • Practice 1: Least privilege to reduce the impact if an attacker gains access.
  • Practice 2: Strong password policies to prevent unauthorized logins.

4.5 Automation (Optional)

# No automation scripts are available for this specific vulnerability due to device-specific configurations.

5. Verification / Validation

  • Post-fix check: Connect via Telnet/SSH and attempt to run ‘SHOW’ without logging in; it should be denied.
  • Re-test: Repeat the initial detection steps, which should no longer succeed.
  • Smoke test: Verify authorized staff can still connect and manage the router using their credentials.
  • Monitoring: Monitor router logs for failed login attempts from unauthorized IP addresses or unsuccessful ‘SHOW’ command executions.
telnet <router_ip> # Should now be denied access

6. Preventive Measures and Monitoring

  • Baselines: Update security baselines to include strong password policies and ACL configurations for network devices.
  • Pipelines: Implement configuration management tools to enforce secure settings across all routers.
  • Asset and patch process: Establish a regular review cycle for router configurations to identify and address potential vulnerabilities.
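
One way to check the ACL baseline described above in a configuration pipeline, as an added example that is not part of the original article or any vendor tooling. It assumes configuration text in the IOS-style syntax of section 4.3; the sample configs and the function name `audit_vty_acl` are constructed for illustration.

```python
import re

# Constructed sample configs in the IOS-style syntax of section 4.3 (not from a real device).
HARDENED = """\
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any
line vty 0 4
  access-class 10 in
"""
UNPROTECTED = "line vty 0 4\n  login\n"
PERMISSIVE = "access-list 10 permit any\nline vty 0 4\n  access-class 10 in\n"

# ACL entries that admit every source address.
OPEN_ENTRIES = {"permit any", "permit 0.0.0.0 255.255.255.255"}

def audit_vty_acl(config):
    """Return findings for remote-access lines lacking a restrictive inbound ACL."""
    acls = {}       # ACL number -> ordered list of "action source" entries
    vty = {}        # "line vty ..." header -> bound ACL number, or None
    current = None  # vty section currently being parsed
    for raw in config.splitlines():
        line = re.split(r"[!#]", raw)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if m := re.match(r"access-list (\d+) (permit|deny) (.+)", line):
            acls.setdefault(m[1], []).append(f"{m[2]} {m[3].strip()}")
            current = None
        elif line.startswith("line vty"):
            current = line.strip()
            vty[current] = None
        elif line[0].isspace() and current:
            # Indented lines belong to the current vty section.
            if m := re.match(r"\s+access-class (\d+) in$", line):
                vty[current] = m[1]
        else:
            current = None
    findings = []
    if not vty:
        findings.append("no 'line vty' section found")
    for header, acl in vty.items():
        if acl is None:
            findings.append(f"{header}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{header}: access-class {acl} references an undefined ACL")
        elif any(entry in OPEN_ENTRIES for entry in acls[acl]):
            findings.append(f"{header}: ACL {acl} permits any source")
    return findings
```

An empty list means every remote-access line is bound to a defined ACL that does not admit all sources; any finding can fail the pipeline run.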

7. Risks, Side Effects, and Roll Back

  • Risk or side effect 2: Changing the ‘public’ account password may disrupt existing automated processes that rely on it; document any dependencies.
  • Roll back: Restore the previous router configuration from backup if issues occur. Remove the ACLs and revert the ‘public’ account password to its default value.

Updated on December 27, 2025