Credit:
The original article can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80122.shtml
Vulnerable Systems:
* Cisco Media Processing Software releases prior to 1.2
Immune Systems:
* Cisco Media Processing Software releases 1.2
* Cisco MXE 3000 Series Media Experience Engines
The Cisco MXE 5600 contains a root user that is enabled for advanced debugging but is unnecessary during normal operations. The root account is not the same as the admin and user accounts. The root account is enabled by default in Cisco Media Processing Software releases prior to 1.2 and is accessible via the local console and SSH. It may also be accessible via Telnet if Telnet is enabled. Telnet is not enabled by default.
Cisco Media Processing Software releases prior to 1.2 install with a default password for the root user.
Cisco Media Processing Software release 1.2 requires an administrator to choose a root password during installation. The root account cannot be accessed until this step is complete.
Successful exploitation of the vulnerability may allow an unauthorized user to modify the software configuration and the operating system settings or gain complete administrative control of the device.
Patch Availability:
Cisco Media Processing Software for the Cisco MXE 5600 is available for download at:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282790320&i=rm
Workaround:
In Cisco Media Processing Software releases prior to 1.2, the root account is enabled by default with a default password, but the root user can change the password at any time by issuing the passwd command. The passwd command will accept a null or weak password, but Cisco highly recommends using a long, complex password. To change the password, users will need the default password. To obtain the default password, customers must contact the Cisco TAC. Because entitlement will be verified, please have the product serial number available and refer to this advisory.
Cisco Media Processing Software Release 1.2 requires the administrator to choose a root password during installation, and the root account cannot be accessed until this step is complete.
In Cisco Media Processing Software Release 1.2, the root password can be changed at any other time using the expert password command while logged in as admin. The expert password command is a new feature mentioned in Cisco bug ID CSCto77737 (registered customers only) and integrated in Cisco Media Processing Software Release 1.2.
CVE Information:
CVE-2011-1623
Disclosure Timeline:
Revision 1.0 2011-June-01 Initial public release