CVE-2009-0621

Published Feb 26, 2009

Last updated 16 years ago

Overview

Description: Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
Source: ykramarz@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-16

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References