cisco-sa-20110601-mxe

Executive Summary

Summary
Title	Default Credentials for root Account on the Cisco Media Experience Engine 5600

Informations
Name	cisco-sa-20110601-mxe	First vendor Publication	2011-04-20
Vendor	Cisco	Last vendor Modification	2011-06-01
Severity (Vendor)	N/A	Revision	1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Media Experience Engine (MXE) 5600 devices that are running Cisco Media Processing Software releases prior to 1.2 ship with a root administrator account that is enabled by default with a default password. An unauthorized user could use this account to modify the software configuration and operating system settings or gain complete administrative control of the device. A software upgrade is not required to resolve this vulnerability. Customers can change the root account password by issuing a configuration command on affected engines. The workarounds detailed in this document provide instructions for changing the root account password.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20110601-mxe.shtml

CWE : Common Weakness Enumeration

id	Name
CWE-255	Credentials Management

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Media Processing Software cpe:/a:cisco:media_processing_software:1.1.3 cpe:/a:cisco:media_processing_software:1.1.1 cpe:/a:cisco:media_processing_software:1.1.0 cpe:/a:cisco:media_processing_software:1.0.1 cpe:/a:cisco:media_processing_software:1.0.0	5
Hardware	Cisco Media Experience Engine 5600 cpe:/h:cisco:media_experience_engine_5600	1