ID OSVDB:14124 Type osvdb Reporter OSVDB Modified 2005-02-24T08:17:36
Description
Vulnerability Description
By default, Cisco ACNS devices ship with a default password. The Administrator account has a default password which is publicly known and documented. This allows attackers to trivially access the program or system.
Solution Description
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): change the default password
Short Description
By default, Cisco ACNS devices ship with a default password. The Administrator account has a default password which is publicly known and documented. This allows attackers to trivially access the program or system.
{"type": "osvdb", "published": "2005-02-24T08:17:36", "href": "https://vulners.com/osvdb/OSVDB:14124", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "edition": 1, "reporter": "OSVDB", "title": "Cisco ACNS Default Admin Password", "affectedSoftware": [{"operator": "eq", "version": "4.x", "name": "ACNS"}, {"operator": "eq", "version": "5.2.x", "name": "ACNS"}, {"operator": "eq", "version": "5.0.x", "name": "ACNS"}, {"operator": "eq", "version": "5.1.x", "name": "ACNS"}], "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-04-28T13:20:09", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0601"]}], "modified": "2017-04-28T13:20:09", "rev": 2}, "vulnersScore": 6.1}, "references": [], "id": "OSVDB:14124", "lastseen": "2017-04-28T13:20:09", "cvelist": ["CVE-2005-0601"], "modified": "2005-02-24T08:17:36", "description": "## Vulnerability Description\nBy default, Cisco ACNS devices ship with a default password. The Administrator account has a default password which is publicly known and documented. This allows attackers to trivially access the program or system.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): change the default password\n## Short Description\nBy default, Cisco ACNS devices ship with a default password. The Administrator account has a default password which is publicly known and documented. This allows attackers to trivially access the program or system.\n## References:\nSecurity Tracker: 1013286\n[Secunia Advisory ID:14395](https://secuniaresearch.flexerasoftware.com/advisories/14395/)\n[Related OSVDB ID: 14122](https://vulners.com/osvdb/OSVDB:14122)\n[Related OSVDB ID: 14123](https://vulners.com/osvdb/OSVDB:14123)\n[Related OSVDB ID: 14120](https://vulners.com/osvdb/OSVDB:14120)\n[Related OSVDB ID: 14121](https://vulners.com/osvdb/OSVDB:14121)\nOther Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0426.html\nKeyword: CSCef30743\nISS X-Force ID: 19471\n[CVE-2005-0601](https://vulners.com/cve/CVE-2005-0601)\nBugtraq ID: 12648\n"}
{"cve": [{"lastseen": "2020-10-03T11:34:53", "description": "Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, 5.1, or 5.2 use a default password when the setup dialog has not been run, which allows remote attackers to gain access.", "edition": 3, "cvss3": {}, "published": "2005-05-02T04:00:00", "title": "CVE-2005-0601", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0601"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:cisco:application_and_content_networking_software:5.0.1", "cpe:/a:cisco:application_and_content_networking_software:4.1.3", "cpe:/a:cisco:application_and_content_networking_software:5.0.3", "cpe:/a:cisco:application_and_content_networking_software:4.2", "cpe:/a:cisco:application_and_content_networking_software:5.1", "cpe:/a:cisco:application_and_content_networking_software:5.0", "cpe:/a:cisco:application_and_content_networking_software:5.2", "cpe:/a:cisco:application_and_content_networking_software:4.2.9", "cpe:/a:cisco:application_and_content_networking_software:4.2.11", "cpe:/a:cisco:application_and_content_networking_software:4.1.1", "cpe:/a:cisco:application_and_content_networking_software:4.0.3", "cpe:/a:cisco:application_and_content_networking_software:5.0.5"], "id": "CVE-2005-0601", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0601", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:cisco:application_and_content_networking_software:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:4.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_and_content_networking_software:4.2:*:*:*:*:*:*:*"]}]}
