Cisco Network Assurance Engine (NAE) contains password vulnerability

News by Robert Abel

A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorised access or cause a Denial of Service (DoS) condition on the server.

A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorised access or cause a Denial of Service (DoS) condition on the server.

A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version 3.0.(1) is vulnerable to the flaw, according to a 12 February security advisory.

Cisco has released an update to address the vulnerability and offers the work around of allowing users to change the default administrator password from the CLI by setting a new password with the passwd command.

Those wishing to use the workaround are instructed to contact Cisco Technical Assistance Center (TAC) so the default password can be entered securely over a remote support session. 

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike