Cisco Prime Network Control System Default Credentials (cisco-sa-20130410-ncs)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

One or more accounts on the remote host use a default password.

Description :

According to its self-reported version, the remote host is running a
release of Cisco Prime Network Control System prior to 1.1.2. As
such, it reportedly has the following vulnerabilities :

- The 'oracle' user account is secured with an unspecified,
default password. (CSCtz30468)

- The 'wcsdba' Oracle database account is secured with a
default password of 'wcs123'. (CSCub54624)

A remote, unauthenticated attacker could exploit this to log into the
system and change its configuration or disrupt services.

See also :

http://www.nessus.org/u?544c200c

Solution :

Upgrade to Cisco Prime Network Control System version 1.1.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 66861 ()

Bugtraq ID: 59013

CVE ID: CVE-2013-1170