Cisco VG248 Unpassworded Account

critical Nessus Plugin ID 19377

Synopsis

The remote host has an account with a blank password.

Description

The remote host is a Cisco VG248 with a blank password.

The Cisco VG248 does not have a password set and allows direct access to the configuration interface. An attacker could telnet to the Cisco unit and reconfigure it to lock the owner out as well as completely disable the phone system.

Solution

Telnet to this unit and at the configuration interface: Choose Configure-> and set the login and enable passwords. If possible, in the future do not use telnet since it is an insecure protocol.

Plugin Details

Severity: Critical

ID: 19377

File Name: CiscoVG248.nasl

Version: Revision: 1.8

Type: remote

Family: CISCO

Published: 8/4/2005

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C