Nortel/Bay Networks/Xylogics Annex Default Password

This script is Copyright (C) 2003-2013 Douglas Minderhout


Synopsis :

The remote host is reachable with known default credentials.

Description :

The remote terminal server has the default password set.
This means that anyone who has (downloaded) a user manual can telnet to
it and gain administrative access.

If modems are attached to this terminal server, it may allow
unauthenticated, remote access to the network.

Solution :

Telnet to this terminal server change to the root user with 'su' and set
the password with the 'passwd' command.
Then, go to the admin mode using the 'admin' command. Cli security can
then be enabled by setting the vcli_security to 'Y' with the command
'set annex vcli_security Y'. This will require ERPCD or RADIUS
authentication for access to the terminal server. Changes can then be
applied through the 'reset annex all' command.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Misc.

Nessus Plugin ID: 11201 ()

Bugtraq ID:

CVE ID: