Cisco Network Registrar Software Releases prior to 7.2 contain a
default password for the administrative account. During the initial
installation, users are not forced to change this password, allowing it to
persist after the installation. An attacker who is aware of this vulnerability
could authenticate with administrative privileges and arbitrarily change the
configuration of Cisco Network Registrar.

The upgrade to Software Release 7.2 is not free; however, a workaround
is provided in this document that will prevent exploitation of the

When performing an upgrade to Software Release 7.2, you must use the
workaround to change the password of the administrative account. You will be
prompted to enter a new administrator's password only if you are performing a
new installation of Software Release 7.2 of Cisco Network Registrar.

The workaround for this vulnerability is to change the password
associated with the administrative account using the method described in the

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110601-cnr