CVE-2009-0620

critical Cisco
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
0.5%
Exploitation probability in 30 days
Top 36% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: February 26, 2009 (6285 days ago)
Last Modified: April 23, 2026
Vendor: Cisco
Source: NVD

Description

Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.

CWE

CWE-255

Affected Products

cisco application control engine module

References

🔗 www.cisco.com 🔗 www.securityfocus.com 🔗 www.cisco.com 🔗 www.securityfocus.com