Shiva LanRover Blank Password

critical Nessus Plugin ID 10998

Synopsis

The remote network device does not use an administrative password.

Description

The Shiva LanRover has no password set for the root user account. An attacker is able to telnet to this system and gain access to any phone lines attached to this device.

Additionally, the LanRover can be used as a relay point for further attacks via the telnet and rlogin functionality available from the administration shell.

Solution

Telnet to this device and change the password for the root account via the passwd command. Please ensure any other accounts have strong passwords set.

Plugin Details

Severity: Critical

ID: 10998

File Name: DDI_LanRover_Blank_Password.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 6/5/2002

Updated: 8/9/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (SNMP Community Scanner)

Reference Information

CVE: CVE-1999-0508