Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cajun_p550 | Avaya | 4.3.5 (including) | 4.3.5 (including) |
| Cajun_p550r | Avaya | 5.2.14 (including) | 5.2.14 (including) |
| Cajun_p580 | Avaya | 5.2.14 (including) | 5.2.14 (including) |
| Cajun_p880 | Avaya | 5.2.14 (including) | 5.2.14 (including) |
| Cajun_p882 | Avaya | 5.2.14 (including) | 5.2.14 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=103470243012971\u0026w=2
- http://support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage\u0026temp.template.name=Avaya_P580_P882_Undocumented
- http://www.iss.net/security_center/static/10374.php
- http://www.kb.cert.org/vuls/id/482241
- http://www.securityfocus.com/bid/5965
- http://marc.info/?l=bugtraq\u0026m=103470243012971\u0026w=2
- http://support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage\u0026temp.template.name=Avaya_P580_P882_Undocumented
- http://www.iss.net/security_center/static/10374.php
- http://www.kb.cert.org/vuls/id/482241
- http://www.securityfocus.com/bid/5965