Vulnerabilities > CVE-2013-5558 - Credentials Management vulnerability in Cisco Telepresence VX Clinical Assistant 1.2

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cisco
CWE-255
critical
nessus

Summary

The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238.

Vulnerable Configurations

Part Description Count
Application
Cisco
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyMisc.
NASL idCISCO_CCA_BLANK_PASSWORD.NASL
descriptionCisco TelePresence VX Clinical Assistant is affected by a password reset vulnerability. The WIL-A module causes the administrative password to be reset to a blank password every time the device is rebooted. This plugin attempts to authenticate to the device using the username
last seen2020-06-01
modified2020-06-02
plugin id70940
published2013-11-18
reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/70940
titleCisco TelePresence VX Clinical Assistant WIL-A Module Reboot Admin Password Removal