Cisco Email Security Appliance Web UI Default Credentials

critical Nessus Plugin ID 73300

Synopsis

The remote web application can be accessed with default credentials.

Description

It was possible to log in to the Cisco Email Security Appliance web management console using default credentials.

Solution

Refer to the documentation for instructions about changing the default password.

See Also

http://www.nessus.org/u?6c3cd811

Plugin Details

Severity: Critical

ID: 73300

File Name: cisco_esa_web_default_creds.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 4/2/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:X/RC:X

Vulnerability Information

CPE: cpe:/h:cisco:email_security_appliance

Excluded KB Items: global_settings/supplied_logins_only