Summary
The remote terminal server has the default password set.
This means that anyone who has (downloaded) a user manual can telnet to it and gain administrative access.
If modems are attached to this terminal server, it may allow unauthenticated remote access to the network.
Solution
Telnet to this terminal server change to the root
user with 'su' and set the password with the 'passwd' command.
Then, go to the admin mode using the 'admin' command. Cli security can then be enabled by setting the vcli_security to 'Y' with the command 'set annex vcli_security Y'. This will require ERPCD or RADIUS authentication for access to the terminal server. Changes can then be applied through the 'reset annex all' command.
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)