CVE-2006-5288 - Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username

CVE-2006-5288

Summary

Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893.

References

http://securitytracker.com/id?1017056
http://www.cisco.com/en/US/products/products_security_advisory09186a0080758bae.shtml
http://www.osvdb.org/30913
http://www.securityfocus.com/bid/20490
https://exchange.xforce.ibmcloud.com/vulnerabilities/29497

Vulnerable Configurations

cpe:2.3:h:cisco:2700_wireless_location_appliance:1.1.73.0:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2700_wireless_location_appliance:1.1.73.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	20490
cisco	20061012 Default Password in Wireless Location Appliance
osvdb	30913
sectrack	1017056
xf	cisco-location-appliance-default-password(29497)

Last major update

20-07-2017 - 01:33

Published

13-10-2006 - 20:07

Last modified

20-07-2017 - 01:33