Cisco 设备默认密码
critical Nessus 插件 ID 23938
语言:
简介
The remote device has a default factory password set.描述
远程 Cisco 路由器设置了默认密码。远程未经认证的攻击者可利用此问题获得管理访问权限。解决方案
Change the Cisco device default password via the command 'enable secret'.插件详情
严重性: Critical
ID: 23938
文件名: cisco_default_pw.nasl
版本: 1.50
类型: remote
系列: CISCO
发布时间: 2006/12/23
最近更新时间: 2023/11/27
支持的传感器: Nessus
风险信息
CVSS 分数理由: Av:n is justified since the plugin tries to login via ssh or telnet. while the nvd score implies the the device is only accessible locally, that's not explicitly specified in the cve description: an account on a router, firewall, or other network device has a default, null, blank, or missing password. it is a reasonable assumption that if the plugin can log in with one of the sets of credentials attempted in the plugin, it can own the device (hence cia complete instead of partial).
VPR
风险因素: Medium
分数: 5.9
CVSS v2
风险因素: Critical
基本分数: 10
时间分数: 7.7
矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 分数来源: CVE-1999-0508
CVSS v3
风险因素: Critical
基本分数: 9.8
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞信息
CPE: cpe:/o:cisco
排除的 KB 项: global_settings/supplied_logins_only
易利用性: No exploit is required
漏洞发布日期: 1999/1/1
参考资料信息
CVE: CVE-1999-0508