Thursday, November 5, 2015

Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability

Cisco Mobility Services Engine Static Credential Vulnerability

Advisory ID: cisco-sa-20151104-mse-cred

Revision 1.0

For Public Release 2015 November 4 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Cisco Mobility Services Engine (MSE) could
allow an unauthenticated, remote attacker to log in to the MSE with
the default oracle account. This account does not have full administrator
privileges.

The vulnerability is due to a user account that has a default and static
password. This account is created at installation and cannot be changed
or deleted without impacting the functionality of the system. An attacker
could exploit this vulnerability by remotely connecting to the affected
system via SSH using this account. A successful exploit could allow the
attacker to log in to the MSE using the default oracle account.
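
A detection-side illustration of the login path described above, added here and not part of the Cisco advisory: it scans OpenSSH syslog lines for successful SSH logins as oracle from outside an allowlisted management network. The log format (stock OpenSSH "Accepted ..." lines), the hostname, the addresses and the TRUSTED_NETS range are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Stock OpenSSH success line, e.g.
# "... sshd[2144]: Accepted password for oracle from 203.0.113.9 port 40110 ssh2"
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

WATCHED_USER = "oracle"  # account named in the advisory
# Assumption: networks from which oracle logins are expected at this site.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def find_suspect_logins(lines, user=WATCHED_USER, trusted=TRUSTED_NETS):
    """Return (timestamp, source, method) for each successful SSH login as
    `user` whose source address is outside every trusted network."""
    hits = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m or m.group("user") != user:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            # Source is not an IP literal (e.g. a hostname): flag for review.
            hits.append((line[:15], m.group("src"), m.group("method")))
            continue
        if not any(src in net for net in trusted):
            hits.append((line[:15], str(src), m.group("method")))
    return hits


# Constructed sample log lines (not taken from a real MSE).
SAMPLE_LOG = """\
Nov  4 16:02:11 mse sshd[2101]: Accepted password for oracle from 10.20.0.15 port 50122 ssh2
Nov  4 16:05:42 mse sshd[2144]: Failed password for oracle from 203.0.113.9 port 40110 ssh2
Nov  4 16:05:47 mse sshd[2144]: Accepted password for oracle from 203.0.113.9 port 40110 ssh2
Nov  4 16:09:03 mse sshd[2190]: Accepted publickey for admin from 198.51.100.7 port 61002 ssh2
Nov  4 16:12:30 mse sshd[2207]: Accepted password for oracle from 2001:db8::5 port 33871 ssh2
""".splitlines()

if __name__ == "__main__":
    for ts, src, method in find_suspect_logins(SAMPLE_LOG):
        print(f"{ts}  oracle login via {method} from {src}")
```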

Cisco has released software updates that address this vulnerability. A
workaround that mitigates this vulnerability is available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred
