Cisco Security Advisory on CS-MARS

["Fergie" <fergdawg () netzero net>]

Via Cisco.

[snip]

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains a default password for an 
undocumented administrative account. This password is set, without any user intervention, during installation of the 
software used by CS-MARS appliances, and is the same in all installations of the product. Users must be authenticated 
to the CS-MARS command line in order to utilize the default password to access the administrative account.

Software version 4.1.2 and earlier of CS-MARS are affected by this vulnerability. Customers running software version 
4.1.3 or higher can mitigate the effects of this vulnerability by applying the workaround listed in this advisory. 
Cisco has made free software available to address this vulnerability for affected customers.

[snip]

http://www.cisco.com/en/US/products/products_security_advisory09186a00805e3234.shtml

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.