| VID |
29134 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CISCO |
| Detailed Description |
The HTTP service of the Cisco router does not require a password for administrative access. Cisco routers provide a Web interface to allow network administrators to monitor and administer distributed Cisco devices via a Web browser. The default installation of various Cisco routers does not require a password for access. A remote attacker with knowledge of this information could connect to an affected router using the Web interface to gain unauthorized access and make unauthorized changes to the router's configuration settings.
* Platforms Affected:
Cisco Router Any version |
| Recommendation |
Connect to the Router console and set up the Terminal and Enable passwords to values that are difficult to guess immediately. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
