Vulnerabilities > CVE-2004-1694 - Remote Database Default Password vulnerability in Symantec ON Command CCM and ON Icommand

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

symantec

NVD

Published: 2004-09-21

Updated: 2017-07-11

Summary

Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec ON Command CCM 5.0 Symantec ON Command CCM 5.1 Symantec ON Command CCM 5.2 Symantec ON Command CCM 5.3 Symantec ON Command CCM 5.4 Symantec ON Icommand 3.0	6

References

http://marc.info/?l=bugtraq&m=109571689621784&w=2
http://secunia.com/advisories/12604
http://www.sarc.com/avcenter/security/Content/2004.09.29.html
http://www.securityfocus.com/bid/11225
https://exchange.xforce.ibmcloud.com/vulnerabilities/17447