Cisco Network Assurance Engine (NAE) contains password vulnerability

A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server.

A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version 3.0.(1) is vulnerable to the flaw, according to a Feb. 12 security advisory.

Cisco has released an update to address the vulnerability and offers a workaround: changing the default administrator password from the CLI by setting a new password with the passwd command.

Those wishing to use the workaround are instructed to contact Cisco Technical Assistance Center (TAC) so the default password can be entered securely over a remote support session.
