ID CVE-2013-1170
Summary The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the configuration or cause a denial of service (service disruption) via unspecified vectors, aka Bug ID CSCtz30468.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:prime_network_control_system_software:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_network_control_system_software:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:prime_network_control_system:-:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:prime_network_control_system:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 29-04-2013 - 04:00)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
cisco 20130410 Cisco Prime Network Control Systems Database Default Credentials Vulnerability
Last major update 29-04-2013 - 04:00
Published 11-04-2013 - 10:55
Last modified 29-04-2013 - 04:00
Back to Top