Vulnerabilities > CVE-2006-5288 - Unspecified vulnerability in Cisco 2700 Wireless Location Appliance 1.1.73.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cisco
critical
nessus

Summary

Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893.

Vulnerable Configurations

Part Description Count
Hardware
Cisco
1

Nessus

  • NASL familyDefault Unix Accounts
    NASL idACCOUNT_ROOT_DOTTIE.NASL
    descriptionThe account
    last seen2020-06-01
    modified2020-06-02
    plugin id31800
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31800
    titleDefault Password (dottie) for 'root' Account
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    account = "root";
    password = "dottie";
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31800);
      script_version ("1.22");
      script_cvs_date("Date: 2018/07/25 16:19:22");
    
      script_cve_id("CVE-1999-0502", "CVE-2006-5288");
      script_bugtraq_id(20490);
     
      script_name(english:"Default Password (dottie) for 'root' Account");
      script_summary(english:"Attempts to log in to the remote host.");
         
      script_set_attribute(attribute:"synopsis", value:
    "An administrative account on the remote host uses known default
    password.");
      script_set_attribute(attribute:"description", value:
    "The account 'root' has the password 'dottie'.  An attacker may use
    this to gain further privileges on this system");
      script_set_attribute(attribute:"solution", value:
    "Set a strong password for this account or disable it.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:TF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:T/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/11");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"default_account", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Default Unix Accounts");
    
      script_copyright(english:"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl");
      script_require_ports("Services/telnet", 23, "Services/ssh", 22);
      script_exclude_keys("global_settings/supplied_logins_only");
    
      exit(0);
    }
    
    #
    # The script code starts here : 
    #
    include("audit.inc");
    include("default_account.inc");
    include("global_settings.inc");
    
    if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);
    
    if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts"))
     exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");
    
    affected = FALSE;
    ssh_ports = get_service_port_list(svc: "ssh", default:22);
    foreach port (ssh_ports)
    {
      port = check_account(login:account, password:password, port:port, svc:"ssh");
      if (port)
      {
        affected = TRUE;
        security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
      }
    }
    if(affected) exit(0);
    
    telnet_ports = get_service_port_list(svc: "telnet", default:23);
    foreach port (telnet_ports)
    {
      port = check_account(login:account, password:password, port:port, svc:"telnet");
      if (port)
      {
        affected = TRUE;
        security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
      }
    }
    if(!affected) audit(AUDIT_HOST_NOT, "affected");
    
    
  • NASL familyDefault Unix Accounts
    NASL idACCOUNT_ROOT_PASSWORD.NASL
    descriptionThe account
    last seen2020-06-01
    modified2020-06-02
    plugin id24745
    published2007-03-01
    reporterThis script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24745
    titleDefault Password (password) for 'root' Account
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    account = "root";
    password = "password";
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24745);
      script_version("1.29");
      script_cvs_date("Date: 2018/07/25 16:19:22");
    
      script_cve_id("CVE-1999-0502", "CVE-2006-5288", "CVE-2012-4577");
      script_bugtraq_id(20490, 55196);
      script_xref(name:"ICSA", value:"12-263-02");
      script_xref(name:"ICSA", value:"12-297-02");
     
      script_name(english:"Default Password (password) for 'root' Account");
      script_summary(english:"Attempts to log in to the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An administrative account on the remote host uses a weak password.");
      script_set_attribute(attribute:"description", value:
    "The account 'root' has the password 'password'.  An attacker may use
    it to gain further privileges on this system.
    
    Note that Korenix Jetport installs are known to use these credentials
    although other hosts are likely to as well as 'password' is reportedly a
    common password.");
      script_set_attribute(attribute:"see_also", value:"http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity/");
      script_set_attribute(attribute:"solution", value:
    "Set a strong password for this account or disable it.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:TF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:T/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date",value:"2006/10/13");
      script_set_attribute(attribute:"plugin_publication_date",value:"2007/03/01");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"default_account", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Default Unix Accounts");
     
      script_copyright(english:"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
     
      script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl");
      script_require_ports("Services/telnet", 23, "Services/ssh", 22);
      script_exclude_keys("global_settings/supplied_logins_only");
    
      exit(0);
    }
    
    #
    # The script code starts here : 
    #
    include("audit.inc");
    include("default_account.inc");
    include("global_settings.inc");
    
    if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);
    
    if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts"))
     exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");
    
    affected = FALSE;
    ssh_ports = get_service_port_list(svc: "ssh", default:22);
    foreach port (ssh_ports)
    {
      port = check_account(login:account, password:password, port:port, svc:"ssh");
      if (port)
      {
        affected = TRUE;
        security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
      }
    }
    if(affected) exit(0);
    
    telnet_ports = get_service_port_list(svc: "telnet", default:23);
    foreach port (telnet_ports)
    {
      port = check_account(login:account, password:password, port:port, svc:"telnet");
      if (port)
      {
        affected = TRUE;
        security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
      }
    }
    if(!affected) audit(AUDIT_HOST_NOT, "affected");