A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server.
A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version 3.0.(1) is vulnerable to the flaw, according to a Feb. 12 security advisory.
Cisco has released an update to address the vulnerability and offers the work around of allowing users to change the default administrator password from the CLI by setting a new password with the passwd command.
Those wishing to use the workaround are instructed to contact Cisco Technical Assistance Center (TAC) so the default password can be entered securely over a remote support session.
