Published: 06/11/2015 Updated: 06/01/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) up to and including allows logins by the oracle account, which makes it easier for remote malicious users to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
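The summary turns on whether sshd_config leaves the oracle account able to log in. The following is an added example, not code from Cisco or from this advisory: a small audit that reads the global AllowUsers/DenyUsers rules of an sshd_config and reports whether a named account is still permitted. The function names and sample configurations are constructed for illustration, and Match blocks, group directives and the `keyword=value` form are not evaluated.

```python
import re

def _name_matches(pattern: str, user: str) -> bool:
    """sshd-style match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, user) is not None

def login_permitted(config_text: str, user: str) -> bool:
    """True if the global AllowUsers/DenyUsers rules leave `user` able to log in."""
    allow, deny = [], []
    for raw in config_text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword = fields[0].lower()      # keywords are case-insensitive
        if keyword == "match":           # conditional blocks are not evaluated here
            break
        if keyword == "allowusers":
            allow += fields[1:]          # repeated directives accumulate
        elif keyword == "denyusers":
            deny += fields[1:]
    # DenyUsers is processed first. A USER@HOST entry only blocks some sources,
    # so only an unqualified match is treated as a full block.
    if any("@" not in p and _name_matches(p, user) for p in deny):
        return False
    # With no AllowUsers at all, every account that is not denied may log in.
    if not allow:
        return True
    return any(_name_matches(p.split("@", 1)[0], user) for p in allow)

# Constructed sample configurations, not taken from an MSE image.
NO_USER_RULES = "Port 22\nPasswordAuthentication yes\n"
DENY_ORACLE = "Port 22\n# block the service account\nDenyUsers oracle\n"
ALLOW_LIST = "AllowUsers admin ops*\n"

if __name__ == "__main__":
    samples = [("no user rules", NO_USER_RULES),
               ("DenyUsers oracle", DENY_ORACLE),
               ("AllowUsers list", ALLOW_LIST)]
    for label, cfg in samples:
        print(f"{label}: oracle login permitted = {login_permitted(cfg, 'oracle')}")
```

On a live host, the effective settings printed by `sshd -T` are the authoritative input, since they include Match blocks and included files.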

Affected Products

Vendor | Product | Versions
Cisco | Mobility Services Engine | 5.1 Base, 5.2 Base, 6.0 Base, 7.0 Base, 7.4 Base, 8.0(110.0), 8.0 Base

Vendor Advisories

A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an unauthenticated, remote attacker to log in to the MSE with the default oracle account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This account is created at installation and ...