Rule: -- Sid: 2406 -- Summary: This event is generated when an attempt is made to access an APC device using a known default administrative account and password via Telnet. -- Impact: Serious. Unauthorized administrative access to the device. -- Detailed Information: The APC Management card uses a known default administrative name and password. This rule generates an event when these credentials are used in a Telnet session. If this account and password have not been changed this can lead to unauthorized administrative access to the device. -- Affected Systems: APC WEB/SNMP Management Card (9606) Firmware 3.0 and 3.0.1 -- Attack Scenarios: An attacker may try to use this password and username combination to gain access to an affected device. -- Ease of Attack: Simple. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. Change the administrative account username and password. -- Contributors: Sourcefire Vulnerability Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --