Cisco ATA-186 Password Circumvention / Recovery

This script is Copyright (C) 2002-2013 Tenable Network Security, Inc.

Synopsis :

The remote telephone adapter has a security bypass vulnerability.

Description :

The remote host appears to be a Cisco ATA-186 - an analog telephone
adapter used to interface analog telephones to VoIP networks.

The adapter is configured via a web interface that has a security
bypass vulnerability. It is possible to bypass authentication by
sending an HTTP POST request with a single byte, which could allow
a remote attacker to take control of the device.

See also :

Solution :

Apply the patch referenced in the vendor's advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 11012 (cisco_ata186_password_circumvent.nasl)

Bugtraq ID: 4711

CVE ID: CVE-2002-0769