Executive Summary

Summary
Title Default Credentials for root Account on the Cisco Media Experience Engine 5600
Informations
Name cisco-sa-20110601-mxe First vendor Publication 2011-04-20
Vendor Cisco Last vendor Modification 2011-06-01
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Media Experience Engine (MXE) 5600 devices that are running Cisco Media Processing Software releases prior to 1.2 ship with a root administrator account that is enabled by default with a default password. An unauthorized user could use this account to modify the software configuration and operating system settings or gain complete administrative control of the device. A software upgrade is not required to resolve this vulnerability. Customers can change the root account password by issuing a configuration command on affected engines. The workarounds detailed in this document provide instructions for changing the root account password.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20110601-mxe.shtml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
72721 Cisco Media Experience Engine 5600 Default Root Administrator Credentials

By default, Cisco Media Experience Engine installs with a default password. The root admin account has a set password, which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.