Cisco Network Registrar Default Credentials Authentication Bypass

Vulnerability
Protection

Check Point Reference:	CPAI-2011-108
Date Published:
Severity:
Last Updated:
Source:
Industry Reference(s):	CVE-2011-2024
Protection Provided by:	IPS-1 IPS-1 IPS-1 NGX R65
Who is Vulnerable? Cisco Systems Network Registrar prior to 7.2
Vulnerability Description An authentication weakness vulnerability exists in Cisco Network Registrar. A remote attacker can leverage this vulnerability to authenticate with administrative privileges to the affected device and change the configuration.

Update/Patch Available Apply patches
Vulnerability Details This is an authentication weakness vulnerability. This is caused by hard-coded default of username and password login credentials.

Protection Overview

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 NGX R65 & IPS-1

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > Authentication, and select the Authentication BE protection group.
3. Click Bad Password List.
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: Authentication
Description: Bad Password List

Legal Notice for Threat Center Advisories