Machine is vulnerable to attacks after CPUSE clean install and before completing the First Time Wizard
The administrator password is reset during the CPUSE clean installation process.
On versions R80.10 Take 479, R80.20 and R80.20.M2, all interfaces configuration is saved. This leaves all publicly available interfaces open for connection via the default password.
On R77.30, the management interface configuration is saved. If this interface is publicly available, it is open for connection via the default password.
Effective April 30th, 2019, the CPUSE Upgrade packages have been replaced, resolving this problem on R80.x versions.
Note: the "admin" user must be defined on the machine before performing CPUSE clean install or upgrade.
If you choose not to use the updated CPUSE version or use R77.x, to resolve the problem, reset the admin password as soon as the clean installation process completes.
To do so, run the "set user admin password" command in Clish and change the password as prompted.