Oracle Integrated Lights Out Manager Default Credentials

critical Nessus Plugin ID 61646

Synopsis

The remote host is protected with a default password.

Description

Nessus was able to log into the remote host with known default Integrated Lights Out Manager (ILOM) username and password credentials. A remote attacker can exploit this to gain administrative access.

Solution

Replace the default password with a strong password.

See Also

http://www.nessus.org/u?dee4f0f5

Plugin Details

Severity: Critical

ID: 61646

File Name: oracle_ilom_default_login.nbin

Version: 1.534

Type: remote

Family: Misc.

Published: 8/23/2012

Updated: 11/12/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

CVSS Score Rationale: Score from an analysis done by Tenable

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:sun:embedded_lights_out_manager, cpe:/o:oracle:integrated_lights_out_manager_firmware

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required