exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20151104-mse-cred

Cisco Security Advisory 20151104-mse-cred
Posted Nov 5, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an unauthenticated, remote attacker to log in to the MSE with the default oracle account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. A successful exploit could allow the attacker to log in to the MSE using the default oracle account. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

tags | advisory, remote
systems | cisco
SHA-256 | ca264789af643a26820dace5a09aa6101af15aac89db5f067a24976a43237364

Cisco Security Advisory 20151104-mse-cred

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Mobility Services Engine Static Credential Vulnerability

Advisory ID: cisco-sa-20151104-mse-cred

Revision 1.0

For Public Release 2015 November 4 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Cisco Mobility Services Engine (MSE) could
allow an unauthenticated, remote attacker to log in to the MSE with
the default oracle account. This account does not have full administrator
privileges.

The vulnerability is due to a user account that has a default and static
password. This account is created at installation and cannot be changed
or deleted without impacting the functionality of the system. An attacker
could exploit this vulnerability by remotely connecting to the affected
system via SSH using this account. A successful exploit could allow the
attacker to log in to the MSE using the default oracle account.

Cisco has released software updates that address this vulnerability. A
workaround that mitigates this vulnerability is available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVjU/CIpI1I6i1Mx3AQKNjg/9GI0PcbZpae1heXAxTQRq4eKBKlzxIECj
gJeC8r8CPUtFnjzxRWx7JmcqWXCD9Yo1/XEOmD+O3bmfc6xg3Ek0XTT08YS5vIi0
hyLW3m1imMElicStf8qB8g0fvGKJksgxnkkwi0gSxTnW9KKfolgNjLFmdjYe7FSs
4JgyqhxMwO46GNXwX6yJL3MfRVCyShQfsQoTKT+x3g+geXdcVcETiSCChZmmqIXJ
rUeVpBQf1uGjteuOWUW2DDnztcFSBVt/1t9v5BakgX6sX/pEU6W87NQgq5Gn+1Ur
v0XTO1FC9MmXe5E7JFBT8bq6EhQ8ZtqNSh+hjiqx8pMiMUaMB2igPmMknCsVybKI
7y9A4i5+J6TkG96KEtXqbNOer1rejjS3j83Io1yfJe3tUbr/a3t+Mu5pywJEt83N
esyDSV6M9FCK9dlhugvoTvw6g9vsmRBwr9gLDhzWbRojMdfIX3DIawgrbmWYLZi4
Zh8y4aADE7jXlVV2viJrSeGVnCYJus5ZBZfWUcnXK8DDVmc1811HOoZ9NBYz10NV
KU77Xd4ABMGxTpzhGRMmZ3BS0pPSCcOtXFID4HBZikRzNd5o0nESnCw/XJN2AbF+
28jvo2LkVc3K/QJLOivLqAa3E4kK5MM0RzIqQnlt5LHAVZXuvH4Ozjfn1Aev1AFp
cs6ZocWGsjg=
=QO9M
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close