Η Cisco, the world's largest manufacturer of networking equipment, delivered servers for seven whole weeks without realizing that they contained a different default code accesss for the administrator.
According to Sign upThe Cisco normally gives all their administrator accounts the "admin / password" combination. But it seems to have delivered 42 models of servers with the password "Cisco1234".
The company reports that the wrong password prevented access to the Cisco Integrated Management Controller's customers, so customers have complained and Cisco has begun an investigation.
The problem was quickly identified as being due to the wrong password, and the company proceeded to correct the accompanying written instructions so that the Password coded into the devices to be the same as what is included in their technical manuals.
Cisco says all 42 affected models were manufactured between November 17th 2015 and January 6, 2016. All affected models are listed at the end of this article. The company issued a public advisory briefing for this incident, and advised network administrators to change their default password to something more secure as soon as possible.
AFFECTING MODELS:
EXPY-EXPWY-CE1K-BDL-K9
EXPY-EXPWY-CE500-BDL-K9
VCSCNTR-CTI-CE1K-BDL-K9
UCS-UCSC-C220-M3SBE
MXE3500-MXE-3500-V3-K9
TCS-TCS-C220-5RP-K9
TCS-TCS-C220-PROBUN-K9
TCS-TCS-SMB-C220-K9
SERVER-APIC-SERVER-L1
SERVER-APIC-SERVER-M1
EMBUNAM-NGA3240-K9
UCSC-UCSC-C220-M4L
UCSC-UCSC-C220-M4S
UCSC-UCSC-C240-M3S2
UCSC-UCSC-C240-M4L
UCSC-UCSC-C240-M4S
UCSC-UCSC-C240-M4S2
UCSC-UCSC-C240-M4SNEBS
UCSC-UCSC-C240-M4SX
UCSC-UCSC-BASE-M2-C460
UCSC-UCSC-C22-M3L
UCSC-UCSC-C220-M3L
UCSC-UCSC-C220-M3S
UCSC-UCSC-C240-M3L
UCSC-UCSC-C240-M3S
UCSC-UCSC-C420-M3
UCSC-UCSC-C460-M4
UCSC-UCSC-C460-M4-CH
UCSC-UCSC-C22-M3S
UCSC-UCSC-C24-M3S
N1000-N1K-1110-S
N1000-N1K-1110-X
DELVHW-MDE-1125-K9
DELVHW-MDE-3125-K9
CAAPL-CAAPL-CSPC-L-V1-K9
THRGD-TG5000-K9
THRGD-TG5500-K9
SER1CISE-SNS-3415-K9
SER1CISE-SNS-3495-K9
CSMGR-CSM4-UCS2-50-K9
PS-CPS-UCS-1RU-K9
PS-CPS-UCS-2RU-K9