Hello,
It appears that the Cisco VG248 voip system ships with a blank
password on the telnet connection for configuration (at least all of
ours showed up like that). Scanning with nessus returned garbage for a
banner when it connected on port 23 and no other "Blank Password"
scripts caught the problem.
Attached is a script that specifically looks for the "Configure"
option when it connects and returns a "security hole" alert. The
reason for choosing "Configure" over the units cisco name is that the
"Cisco VG248" name appears both on the configuration page and on the
login if the password is enabled.
The script does not limit its search to port 23.
This is a non-intrusive script.
It appears that the Cisco VG248 voip system ships with a blank
password on the telnet connection for configuration (at least all of
ours showed up like that). Scanning with nessus returned garbage for a
banner when it connected on port 23 and no other "Blank Password"
scripts caught the problem.
Attached is a script that specifically looks for the "Configure"
option when it connects and returns a "security hole" alert. The
reason for choosing "Configure" over the units cisco name is that the
"Cisco VG248" name appears both on the configuration page and on the
login if the password is enabled.
The script does not limit its search to port 23.
This is a non-intrusive script.
Attached Files:
-
CiscoVG248.nasl (1.85 KB)