Summary
The remote host is a Cisco VG248 with a blank password.
The Cisco VG248 does not have a password set and allows direct access to the configuration interface. An attacker could telnet to the Cisco unit and reconfigure it to lock the owner out as well as completely disable the phone system.
Solution
Telnet to this unit and at the configuration interface:
Choose Configure-> and set the login and enable passwords. If possible, in the future do not use telnet since it is an insecure protocol.
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Multiple Cisco Nexus Devices IP Stack Remote Denial of Service Vulnerability
- Cisco VG248 login password is blank
- Cisco Prime LAN Management Solution Remote Command Execution Vulnerability
- Cisco IOS XR Software Fragmented Packets Processing Denial of Service Vulnerability
- CISCO Secure ACS Management Interface Login Overflow