Vulnerabilities > CVE-2013-5558 - Credentials Management vulnerability in Cisco Telepresence VX Clinical Assistant 1.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Misc. |
NASL id | CISCO_CCA_BLANK_PASSWORD.NASL |
description | Cisco TelePresence VX Clinical Assistant is affected by a password reset vulnerability. The WIL-A module causes the administrative password to be reset to a blank password every time the device is rebooted. This plugin attempts to authenticate to the device using the username |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70940 |
published | 2013-11-18 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/70940 |
title | Cisco TelePresence VX Clinical Assistant WIL-A Module Reboot Admin Password Removal |