Avaya Cajun default passwords
| avaya-cajun-default-passwords (10374) |  High Risk |
Description:
The Avaya Cajun P550R, P580, P880, and P882 series switches ship with default passwords for the diag and manuf accounts. A remote attacker could exploit this vulnerability to gain unauthorized administrative access to the affected device.
Consequences:
Gain Access
Remedy:
Upgrade to the latest software version of Avaya Cajun (5.3.0 or later), as listed in the Avaya Security Advisory dated October 11, 2002. See References.
References:
- Avaya Security Advisory October 11, 2002: Avaya P580/P882 undocumented account vulnerability.
- BugTraq Mailing List, Tue Oct 15 2002 - 09:10:26 CDT : Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches.
- BID-5965: Avaya Cajun Firmware Undocumented Default Accounts Vulnerability
- CVE-2002-1229: Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
- OSVDB ID: 10860: Avaya Cajun P Series Switches Multiple Default Accounts
- US-CERT VU#482241: Avaya switches contains multiple undocumented accounts allowing full administrative access to the device
Platforms Affected:
- Avaya P550R MultiService Switch
- Avaya P580 MultiService Switch
- Avaya P880 MultiService Switch
- Avaya P882 MultiService Switch
Reported:
Oct 15, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this