Cisco, the world's largest network equipment manufacturer, delivered servers for seven weeks without realizing they contained a different default code accesss for the administrator.
According to Sign upThe Cisco normally gives all their administrator accounts the "admin / password" combination. But it seems to have delivered 42 models of servers with the password "Cisco1234".
The company reports that the wrong password prevented access to the Cisco Integrated Management Controller's customers, so customers have complained and Cisco has begun an investigation.
The problem γρήγορα εντοπίστηκε ότι οφειλόταν στον λάθος κωδικό πρόσβασης και η εταιρεία προχώρησε στην διόρθωση των συνοδευτικών γραπτών οδηγιών έτσι ώστε ο Password coded into the devices to be the same as what is included in their technical manuals.
Cisco reports that all affected 42 models were manufactured between 17 November 2015 and 6 January 2016. All affected models are listed at the end of this article. The company has issued one public advisory briefing for this incident, and advised network administrators to change their default password to something more secure as soon as possible.
AFFECTING MODELS:
EXPY-EXPWY-CE1K-BDL-K9
EXPY-EXPWY-CE500-BDL-K9
VCSCNTR-CTI-CE1K-BDL-K9
UCS-UCSC-C220-M3SBE
MXE3500-MXE-3500-V3-K9
TCS-TCS-C220-5RP-K9
TCS-TCS-C220-PROBUN-K9
TCS-TCS-SMB-C220-K9
SERVER-APIC-SERVER-L1
SERVER-APIC-SERVER-M1
EMBUNAM-NGA3240-K9
UCSC-UCSC-C220-M4L
UCSC-UCSC-C220-M4S
UCSC-UCSC-C240-M3S2
UCSC-UCSC-C240-M4L
UCSC-UCSC-C240-M4S
UCSC-UCSC-C240-M4S2
UCSC-UCSC-C240-M4SNEBS
UCSC-UCSC-C240-M4SX
UCSC-UCSC-BASE-M2-C460
UCSC-UCSC-C22-M3L
UCSC-UCSC-C220-M3L
UCSC-UCSC-C220-M3S
UCSC-UCSC-C240-M3L
UCSC-UCSC-C240-M3S
UCSC-UCSC-C420-M3
UCSC-UCSC-C460-M4
UCSC-UCSC-C460-M4-CH
UCSC-UCSC-C22-M3S
UCSC-UCSC-C24-M3S
N1000-N1K-1110-S
N1000-N1K-1110-X
DELVHW-MDE-1125-K9
DELVHW-MDE-3125-K9
CAAPL-CAAPL-CSPC-L-V1-K9
THRGD-TG5000-K9
THRGD-TG5500-K9
SER1CISE-SNS-3415-K9
SER1CISE-SNS-3495-K9
CSMGR-CSM4-UCS2-50-K9
PS-CPS-UCS-1RU-K9
PS-CPS-UCS-2RU-K9
