Wednesday, January 11, 2006

Cisco Security Advisory on CS-MARS

Via Cisco.

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains a default password for an undocumented administrative account. This password is set, without any user intervention, during installation of the software used by CS-MARS appliances, and is the same in all installations of the product. Users must be authenticated to the CS-MARS command line in order to utilize the default password to access the administrative account.

Software version 4.1.2 and earlier of CS-MARS are affected by this vulnerability. Customers running software version 4.1.3 or higher can mitigate the effects of this vulnerability by applying the workaround listed in this advisory. Cisco has made free software available to address this vulnerability for affected customers.

0 Comments:

Post a Comment

<< Home