CVE-2009-0620

2009-02-2616:17:20

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

73.7%

JSON

Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.

Affected configurations

Nvd

Node

ciscocatalystMatch6500

AND

ciscocatalystMatch7600

AND

ciscoapplication_control_engine_moduleRange≤0

VendorProductVersionCPE
ciscocatalyst6500cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*
ciscocatalyst7600cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*
ciscoapplication_control_engine_module*cpe:2.3:a:cisco:application_control_engine_module:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst	6500	cpe:2.3:h:cisco:catalyst:6500:::::::*
cisco	catalyst	7600	cpe:2.3:h:cisco:catalyst:7600:::::::*
cisco	application_control_engine_module	*	cpe:2.3:a:cisco:application_control_engine_module::::::::