Cabletron WebView Administrative Access

This script is Copyright (C) 2002-2011 Digital Defense Incorporated


Synopsis :

The remote web server allows uncredentialed administrative access.

Description :

This host is a Cabletron switch and is running Cabletron WebView.
This web software provides a graphical, real-time representation of
the front panel on the switch. This graphic, along with additionally
defined areas of the browser interface, allows you to interactively
configure the switch, monitor its status, and view statistical
information. An attacker can use this interface to gain information
about this host.

Solution :

Depending on the location of the switch, it might be advisable to
restrict access to the web server by IP address or disable the web
server completely.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 10962 (DDI_Cabletron_Web_View.nasl)

Bugtraq ID:

CVE ID: