Test ID:	1.3.6.1.4.1.25623.1.0.105463
Category:	CISCO
Title:	Cisco Mobility Services Engine (MSE) Multiple Vulnerabilities (cisco-sa-20151104-privmse, cisco-sa-20151104-mse-cred)
Summary:	Cisco Mobility Services Engine (MSE) is prone multiple; vulnerabilities.
Description:	Summary: Cisco Mobility Services Engine (MSE) is prone multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - an insecure default-password vulnerability Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. - a local privilege escalation vulnerability A local attacker may exploit this issue to gain elevated root privileges on the device. These issues are being tracked by Cisco Bug ID CSCuv40501 and CSCuv40504. Affected Software/OS: Cisco Mobility Services Engine (MSE) versions 8.0.120.7 and earlier are vulnerable. Solution: Updates are available. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6316 BugTraq ID: 77432 http://www.securityfocus.com/bid/77432 Cisco Security Advisory: 20151104 Cisco Mobility Services Engine Static Credential Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred http://www.securitytracker.com/id/1034065 Common Vulnerability Exposure (CVE) ID: CVE-2015-4282 BugTraq ID: 77435 http://www.securityfocus.com/bid/77435 Cisco Security Advisory: 20151104 Cisco Mobility Services Engine Privilege Escalation Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse http://www.securitytracker.com/id/1034066
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.