Cisco TelePresence VX Clinical Assistant WIL-A Module Reboot Admin Password Removal
Critical Nessus Plugin ID 70940
SynopsisThe remote system has an account with a blank password.
DescriptionCisco TelePresence VX Clinical Assistant is affected by a password reset vulnerability. The WIL-A module causes the administrative password to be reset to a blank password every time the device is rebooted.
This plugin attempts to authenticate to the device using the username 'admin' and a blank password over SSH. It does not attempt to obtain a version number and does not fully validate that the remote host is a Clinical Assistant device.
SolutionFollow the manufacturer's instructions to upgrade to a firmware version later than 1.20