TELNET: APC Backdoor Login Attempt

This signature detects attempts to exploit a known vulnerability in an American Power Conversion (APC) Universal Power Supply (UPS) or SmartSwitch device. Attackers can login to an APC UPS or SmartSwitch device using a backdoor password, then determine the login credentials of any user to gain full administrative access to the device.

Extended Description

APC SmartSlot Web/SNMP Management Card has been reported prone to a default password vulnerability. This password is reportedly used during initial card configuration, prior to public distribution. It has been reported that an attacker may access any of the affected services, if they are available, by using the default password. The impact of this issue may be exaggerated if the same authentication credentials are used to access multiple hosts.

Affected Products

Apc web/snmp_management_card_(9606)_firmware

References

BugTraq: 9681

CVE: CVE-2004-0311

URL: http://www.securityfocus.com/archive/1/354169/2004-02-15/2004-02-21/0 http://www.securitytracker.com/alerts/2004/Feb/1009090.html http://www.securityspace.com/smysecure/catid.html?viewsrc=1&id=12066

Short Name

TELNET:USER:APC-BACKDOOR

Severity

Major

Recommended

False

Recommended Action

Drop

TELNET: APC Backdoor Login Attempt

Extended Description

Affected Products

References

Found a potential security threat?