Cabletron WebView Administrative Access

high Nessus Plugin ID 10962

Synopsis

The remote web server allows uncredentialed administrative access.

Description

This host is a Cabletron switch running Cabletron WebView. This web software provides a graphical, real-time representation of the front panel on the switch. This graphic, along with additionally defined areas of the browser interface, allows you to interactively configure the switch, monitor its status, and view statistical information. An attacker can use this to gain information about this host.

Solution

Depending on the location of the switch, it might be advisable to restrict access to the web server by IP address or disable the web server completely.

Plugin Details

Severity: High

ID: 10962

File Name: DDI_Cabletron_Web_View.nasl

Version: 1.20

Type: remote

Family: Web Servers

Published: 5/22/2002

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Vulnerability Publication Date: 1/1/2002