-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Default Credentials Vulnerability in Cisco
Network Registrar
Advisory ID: cisco-sa-20110601-cnr
Revision 1.0
A device that is running Cisco IOS Software is configured to act
as a DNS server if the command "ip dns server" is present in the
configuration. This command is not enabled by default.
* Cisco Network Registrar
All Cisco Network Registrar versions are affected, and DNS services
are enabled by default.
The DNS server on CNR is enabled via the command-line interface
Affected Products
=================
All versions of GSS system software prior to 3.0(1) are affected by
this vulnerability. If the GSS is configured with the optional Cisco
Network Registrar (CNR) software, the device is not vulnerable.
Vulnerable Products
+------------------
The following GSS products are affected by this vulnerability:
| | |
|----------------------------+-------------------------------|
| Cisco Network Analysis | CSCtd02729 |
| Module Software (NAM) | |
|----------------------------+-------------------------------|
| Cisco Network Registrar | CSCtd02748 |
| | |
|----------------------------+-------------------------------|
| Cisco ONS 15500 Series | CSCtd02769 |
| | |
|----------------------------+-------------------------------|
