CVE-2009-0620

Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33900

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*

cpe:2.3:a:cisco:application_control_engine_module:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-02-26 16:17

Updated : 2023-12-10 10:51

NVD link : CVE-2009-0620

Mitre link : CVE-2009-0620

CVE.ORG link : CVE-2009-0620

JSON object : View

Products Affected

cisco

application_control_engine_module
catalyst

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2009-0620", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-26T16:17:20.127", "references": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/33900", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access."}, {"lang": "es", "value": "El m\u00f3dulo Cisco ACE Application Control Engine para los Switches Catalyst 6500 y Routers 7600 en versiones anteriores a la A2 (1.1) utiliza (1) nombres de usuario por defecto y (2) contrase\u00f1as por defecto para (a) el administrador y (b) la gesti\u00f3n de la web, lo que facilita a los atacantes remotos realizar cambios de configuraci\u00f3n u obtener acceso al sistema operativo."}], "lastModified": "2009-02-27T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "712DA93A-13CE-4E27-84FC-D2ECEEFFD568"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "521A4FD3-18E3-4937-A6AD-F7BDB3DB08ED"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:application_control_engine_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D85B8F79-9113-4AEB-8536-FEFAB06ADF2F", "versionEndIncluding": "0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}