Cisco Multiple Devices Unpassworded Account

critical Nessus Plugin ID 10754

Synopsis

It is possible to login to the remote network device without a password.

Description

The remote host appears to be a Cisco router or switch with no password set. This can allow a remote attacker to login to the device and take control of it.

Solution

Login and set exec and enable passwords. For more information, refer refer to the manual for the device.

Plugin Details

Severity: Critical

ID: 10754

File Name: cisco_no_pw.nasl

Version: 1.23

Type: remote

Family: CISCO

Published: 9/7/2001

Updated: 7/25/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/1/1999

Reference Information

CVE: CVE-1999-0508