CVE-2009-0620

Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33900
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml	Vendor Advisory
http://www.securityfocus.com/bid/33900

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*

cpe:2.3:a:cisco:application_control_engine_module:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:00

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml - Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/33900 -~~	() http://www.securityfocus.com/bid/33900 -

Information

Published : 2009-02-26 16:17

Updated : 2024-11-21 01:00

NVD link : CVE-2009-0620

Mitre link : CVE-2009-0620

CVE.ORG link : CVE-2009-0620

JSON object : View

Products Affected

cisco

catalyst
application_control_engine_module

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2009-0620", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-26T16:17:20.127", "references": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/33900", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/33900", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access."}, {"lang": "es", "value": "El m\u00f3dulo Cisco ACE Application Control Engine para los Switches Catalyst 6500 y Routers 7600 en versiones anteriores a la A2 (1.1) utiliza (1) nombres de usuario por defecto y (2) contrase\u00f1as por defecto para (a) el administrador y (b) la gesti\u00f3n de la web, lo que facilita a los atacantes remotos realizar cambios de configuraci\u00f3n u obtener acceso al sistema operativo."}], "lastModified": "2024-11-21T01:00:32.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "712DA93A-13CE-4E27-84FC-D2ECEEFFD568"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "521A4FD3-18E3-4937-A6AD-F7BDB3DB08ED"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:application_control_engine_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D85B8F79-9113-4AEB-8536-FEFAB06ADF2F", "versionEndIncluding": "0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}