PT-2019-1535 · Cisco · Cisco Network Assurance Engine

Published: 2019-02-12 · Updated: 2023-03-23 · CVE-2019-1688

CVSS v3.1: 7.7 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Cisco Network Assurance Engine (NAE) Release 3.0(1)

Description: A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The issue is due to a fault in the password management system of NAE, specifically related to the use of default administrator credentials. An attacker could exploit this by authenticating with the default administrator password via the CLI of an affected server, potentially allowing them to view sensitive information or bring the server down.

Recommendations: For Cisco Network Assurance Engine (NAE) Release 3.0(1), change the default administrator password as soon as possible after installation to prevent unauthorized access. Consider restricting access to the management web interface and CLI until the password is changed. As a temporary workaround, limit the use of the default administrator account until a secure password is set.

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2019-01034
CVE-2019-1688

Affected Products

Cisco Network Assurance Engine