Default Configuration Vulnerability in Cisco Mobility Services Engine
CVE-2015-6316

Currently unrated

Key Information:

Vendor: Cisco
Status: Mobility Services Engine
Vendor: CVE Published:; 6 November 2015

Summary

The default configuration of the sshd_config file in Cisco Mobility Services Engine version 8.0.120.7 permits logins using the oracle account. This creates a significant security risk as attackers can exploit this setting to gain unauthorized SSH access by entering a hardcoded password specifically associated with this account. This vulnerability highlights the importance of secure configurations and the need for proper credential management to prevent potential remote attacks.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/77432

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1034065

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 6, 2015
Vulnerability Reserved
Aug 17, 2015