CVE-2002-1229 in Cajun P550R
Summary
by MITRE
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/07/2025
The vulnerability identified as CVE-2002-1229 affects Avaya Cajun switches P880, P882, P580, and P550R running firmware versions 5.2.14 and earlier. This represents a critical security flaw that stems from the inclusion of undocumented administrative accounts within the switch firmware, creating a backdoor access mechanism that bypasses normal authentication procedures. The presence of these accounts violates fundamental security principles and demonstrates poor security hygiene in the device design and deployment lifecycle.
The technical flaw involves the hardcoded existence of two administrative accounts named manuf and diag, each with default passwords that are well-documented in security research and publicly available. These accounts provide full administrative privileges to anyone who can access the network and knows the default credentials, effectively creating a permanent backdoor that remains active regardless of network configuration changes or password updates. The vulnerability directly maps to CWE-798, which addresses the use of hard-coded credentials, and CWE-259, covering the use of hard-coded passwords. This flaw allows attackers to gain unauthorized administrative access to network infrastructure, potentially enabling them to modify network configurations, monitor traffic, or disrupt services.
The operational impact of this vulnerability is severe for organizations relying on these network switches, as it provides attackers with immediate administrative control over critical network infrastructure. Remote attackers can exploit this vulnerability without requiring physical access or specialized knowledge of the network topology, making it particularly dangerous for enterprise environments. The ability to gain privileges through default credentials enables attackers to perform actions such as modifying routing tables, disabling network services, accessing sensitive network data, and establishing persistent access points within the network. This vulnerability aligns with ATT&CK technique T1078 which covers valid accounts and T1566 which covers credential harvesting, as the default accounts essentially provide pre-existing valid credentials.
Organizations should immediately implement mitigations including disabling or removing the undocumented accounts from affected switches, changing default passwords to strong, unique credentials, and ensuring that only necessary administrative accounts remain active. Network segmentation and access controls should be implemented to limit the attack surface, while regular security audits should verify that no unauthorized accounts exist on network infrastructure. The vulnerability also highlights the importance of firmware update management and proper security configuration practices, as these switches should not contain default accounts with known passwords in production environments. Additionally, organizations should conduct regular vulnerability assessments and penetration testing to identify similar hardcoded credentials in other network devices and ensure compliance with security standards such as NIST SP 800-53 and ISO 27001.