Cisco VG248 Unpassworded Account

This script is Copyright (C) 2005-2013 Rick McCloskey


Synopsis :

The remote host has an account with a blank password.

Description :

The remote host is a Cisco VG248 with a blank password.

The Cisco VG248 does not have a password set and allows direct
access to the configuration interface. An attacker could telnet
to the Cisco unit and reconfigure it to lock the owner out as
well as completely disable the phone system.

Solution :

Telnet to this unit and at the configuration interface:
Choose Configure-> and set the login and enable passwords. If
possible, in the future do not use telnet since it is an insecure
protocol.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: CISCO

Nessus Plugin ID: 19377 (CiscoVG248.nasl)

Bugtraq ID:

CVE ID: