[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability
- From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
- Date: Wed, 7 Aug 2013 12:04:12 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Cisco TelePresence System Default Credentials
Vulnerability
Advisory ID: cisco-sa-20130807-tp
Revision 1.0
For Public Release 2013 August 7 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in Cisco TelePresence System could allow a remote attacker to
access the web server via a user account that is created with default
credentials.
The vulnerability is due to a default user account being created at
installation time. An attacker could exploit this vulnerability by remotely
accessing the web server and using the default account credentials. An exploit
could allow the attacker to log in with the default credentials, which gives
them full administrative rights to the system.
Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
iF4EAREKAAYFAlICRBYACgkQUddfH3/BbTrGqQD+I5Yf/eVxV/vsUxX31XHDrLG+
NxwiFn3e1mDPMir9pGIA/jTzkeCxTTGMm5brlUQTFE0YJ3vDzXwAtp+HVzqu8i6K
=tMib
-----END PGP SIGNATURE-----