Vulnerability CVE-2009-0620
Published: 2009-02-26   Modified: 2012-02-13

Description:
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.

Type:

CWE-255

 (Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Application control engine module 

 References:
http://www.securityfocus.com/bid/33900
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml
Copyright 2024, cxsecurity.com

 

Back to Top