The emergency administration account must be set to an appropriate authorization level to perform necessary administrative functions when the authentication server is not online.

From Perimeter Router Security Technical Implementation Guide Cisco

Part of Emergency administration account privilege level is not set.

SV-16261r5_rule The emergency administration account must be set to an appropriate authorization level to perform necessary administrative functions when the authentication server is not online.

Vulnerability discussion

The emergency administration account is to be configured as a local account on the network devices. It is to be used only when the authentication server is offline or not reachable via the network. The emergency account must be set to an appropriate authorization level to perform necessary administrative functions during this time.

Check content

Review the emergency administration account configured on the network devices and verify that it has been assigned to a privilege level that will enable the administrator to perform necessary administrative functions when the authentication server is not online. If the emergency administration account is configured for more access than needed to troubleshoot issues, this is a finding.

Fix text

Assign a privilege level to the emergency administration account to allow the administrator to perform necessary administrative functions when the authentication server is not online.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer