Lucene search

CiscoCISCO-SA-20130410-NCS

HistoryApr 10, 2013 - 4:00 p.m.

Cisco Prime Network Control Systems Database Default Credentials Vulnerability

2013-04-1016:00:00

tools.cisco.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.9%

JSON

Cisco
Prime Network Control System NCS appliances that are running software
versions prior to 1.1.2 contain a database user account that is
created with default credentials. An attacker could use this account to
modify the configuration of the application or disrupt services.

Cisco has released software updates that address these vulnerabilities. There is no workaround for these vulnerabilities.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-ncs[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-ncs”]

Affected configurations

Vulners

Node

ciscoprime_network_control_systemMatchany

VendorProductVersionCPE
ciscoprime_network_control_systemanycpe:2.3:a:cisco:prime_network_control_system:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_network_control_system	any	cpe:2.3:a:cisco:prime_network_control_system:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-ncs

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

72.9%

JSON

Related for CISCO-SA-20130410-NCS