Cisco TelePresence VX Clinical Assistant WIL-A Module Reboot Admin Password Removal

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote system has an account with a blank password.

Description :

Cisco TelePresence VX Clinical Assistant is affected by a password
reset vulnerability. The WIL-A module causes the administrative
password to be reset to a blank password every time the device is

This plugin attempts to authenticate to the device using the username
'admin' and a blank password over SSH. It does not attempt to obtain a
version number and does not fully validate that the remote host is a
Clinical Assistant device.

See also :

Solution :

Follow the manufacturer's instructions to upgrade to a firmware
version later than 1.20

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 70940 ()

Bugtraq ID: 63552

CVE ID: CVE-2013-5558