Cisco Network Assurance Engine CLI Access with Default Password Vulnerability
Description
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=3.0(1)+ 1 more
- (no CPE)range: =3.0(1)
- (no CPE)range: 3.0(1)
Patches
Vulnerability mechanics
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dosmitrevendor-advisoryx_refsource_CISCO
- www.securityfocus.com/bid/107010mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.