ID CVE-2004-1694
Summary Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:on_command_ccm:5.0
    cpe:2.3:a:symantec:on_command_ccm:5.0
  • cpe:2.3:a:symantec:on_command_ccm:5.1
    cpe:2.3:a:symantec:on_command_ccm:5.1
  • cpe:2.3:a:symantec:on_command_ccm:5.2
    cpe:2.3:a:symantec:on_command_ccm:5.2
  • cpe:2.3:a:symantec:on_command_ccm:5.3
    cpe:2.3:a:symantec:on_command_ccm:5.3
  • cpe:2.3:a:symantec:on_command_ccm:5.4
    cpe:2.3:a:symantec:on_command_ccm:5.4
  • cpe:2.3:a:symantec:on_icommand:3.0
    cpe:2.3:a:symantec:on_icommand:3.0
CVSS
Base: 7.5 (as of 31-05-2005 - 13:30)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
refmap via4
bid 11225
bugtraq 20040920 Default username/password pairs in ON Command CCM 5.x database
confirm http://www.sarc.com/avcenter/security/Content/2004.09.29.html
secunia 12604
xf oncommand-multiple-default-accounts(17447)
Last major update 17-10-2016 - 22:59
Published 21-09-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top