Executive Summary
| Summary | |
|---|---|
| Title | Default Credentials Vulnerability in Cisco Network Registrar |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20110601-cnr | First vendor Publication | 2011-04-05 |
| Vendor | Cisco | Last vendor Modification | 2011-06-01 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar. The upgrade to Software Release 7.2 is not free; however, a workaround is provided in this document that will prevent exploitation of the vulnerability. When performing an upgrade to Software Release 7.2, you must use the workaround to change the password of the administrative account. You will be prompted to enter a new administrator's password only if you are performing a new installation of Software Release 7.2 of Cisco Network Registrar. The workaround for this vulnerability is to change the password associated with the administrative account using the method described in the "Workarounds" section. |
Original Source
| Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8 (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-255 | Credentials Management |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 72720 | Cisco Network Registrar Administrative Account Default Password |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Cisco network registrar default credentials authentication attempt RuleID : 20692 - Revision : 13 - Type : POLICY-OTHER |
| 2014-01-10 | Cisco Network Registrar default credentials authentication attempt RuleID : 20691 - Revision : 8 - Type : POLICY-OTHER |
