漏洞类别:General remote services
漏洞等级: 
漏洞信息
The Cisco Mobility Services Engine is a platform that uses Wi-Fi to increase visibility into the network, deploy location-based mobile services, and strengthen security.
The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account.
Affected Versions:
Cisco Mobility Services Engine (MSE) versions 8.0.120.7 and prior
NOTE: The oracle account does not have full administrator privileges.
漏洞危害
Remote unauthenticated attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.
解决方案
Customers are advised to install Cisco MSE 8.0.120.8 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论