Cisco TelePresence VX Clinical Assistant WIL-A Module Reboot Admin Password Removal

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote system has an account with a blank password.

Description :

Cisco TelePresence VX Clinical Assistant is affected by a password
reset vulnerability. The WIL-A module causes the administrative
password to be reset to a blank password every time the device is
rebooted.

This plugin attempts to authenticate to the device using the username
'admin' and a blank password over SSH. It does not attempt to obtain a
version number and does not fully validate that the remote host is a
Clinical Assistant device.

See also :

http://www.nessus.org/u?b5ef8f99

Solution :

Follow the manufacturer's instructions to upgrade to a firmware
version later than 1.20.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 70940

Bugtraq ID: 63552

CVE ID: CVE-2013-5558