Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.CISCO_675.NASL
HistoryAug 22, 1999 - 12:00 a.m.

Cisco 675 Router Default Unpassworded Account

1999-08-2200:00:00
This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
www.tenable.com
54

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

The remote CISCO router is not secured with a password. A remote attacker could log in and take complete control of this device.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if(description)
{
 script_id(10045);
 script_version ("1.25");
 script_cve_id("CVE-1999-0889");
 script_name(english:"Cisco 675 Router Default Unpassworded Account");
 script_summary(english:"Logs into the remote CISCO router");
 
 script_set_attribute(
   attribute:"synopsis",
   value:"The remote router is not secured with a password."
 );
 script_set_attribute( attribute:"description",  value:
"The remote CISCO router is not secured with a password. A remote 
attacker could log in and take complete control of this device." );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/1999/Aug/5"
 );
 # https://web.archive.org/web/20021028095615/http://www.cisco.com/en/US/products/hw/modems/ps296/products_installation_guide_chapter09186a008007dd70.html
 script_set_attribute(
   attribute:"see_also",
   value:"http://www.nessus.org/u?db507938"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Login to this router and set a strong password."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_attribute(attribute:"plugin_publication_date", value: "1999/08/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "1999/07/31");
 script_cvs_date("Date: 2018/11/15 20:50:20");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe",value:"cpe:/h:cisco:675_router");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"CISCO");
 
 script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
 script_require_ports(23);
 
 exit(0);
}

#
# The script code starts here
#
include('telnet_func.inc');

port = 23;
if(get_port_state(port))
{
 buf = get_telnet_banner(port:port);
 if ( ! buf || "User Access Verification" >!< buf ) exit(0);
 soc = open_sock_tcp(port);
 if(soc)
 {
  buf = telnet_negotiate(socket:soc);
  if("User Access Verification" >< buf)
  {
   buf = recv(socket:soc, length:1024);
   data = string("\r\n");
   send(socket:soc, data:data);
   buf2 = recv(socket:soc, length:1024);
   if(">" >< buf2)security_hole(port);
  }
 close(soc);
 }
}
VendorProductVersionCPE
cisco675_routercpe:/h:cisco:675_router

Related

cve 1
cvelist 1
nvd 1
cve
cve
CVE-1999-0889
2000-04-25 04:00:00
cvelist
cvelist
CVE-1999-0889
2000-04-25 04:00:00
nvd
nvd
CVE-1999-0889
1999-07-01 04:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON
Related for CISCO_675.NASL
cve1cvelist1nvd1