Cabletron WebView Administrative Access

This script is Copyright (C) 2002-2011 Digital Defense Incorporated


Synopsis :

The remote web server allows uncredentialed administrative access.

Description :

This host is a Cabletron switch and is running Cabletron WebView.
This web software provides a graphical, real-time representation of
the front panel on the switch. This graphic, along with additionally
defined areas of the browser interface, allow you to interactively
configure the switch, monitor its status, and view statistical
information. An attacker can use this to gain information about this
host.

Solution :

Depending on the location of the switch, it might be advisable to
restrict access to the web server by IP address or disable the web
server completely.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 10962 (DDI_Cabletron_Web_View.nasl)

Bugtraq ID:

CVE ID:

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial