Cisco Multiple Devices Unpassworded Account

Critical Nessus Plugin ID 10754

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

It is possible to login to the remote network device without a password.

Description

The remote host appears to be a Cisco router or switch with no password set. This can allow a remote attacker to login to the device and take control of it.

Solution

Login and set exec and enable passwords. For more information, refer refer to the manual for the device.

Plugin Details

Severity: Critical

ID: 10754

File Name: cisco_no_pw.nasl

Version: 1.23

Type: remote

Family: CISCO

Published: 2001/09/07

Updated: 2018/07/25

Dependencies: 17975

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:TF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1999/01/01

Reference Information

CVE: CVE-1999-0508