SoylentNews

Hardcoded Password Found in Cisco Software

posted by martyb on Friday March 09 2018, @08:46PM   
from the Cisco-Phencyclidine? dept.

Fnord666 writes:

Cisco released 22 security advisories yesterday, including two alerts for critical fixes, one of them for a hardcoded password that can give attackers full control over a vulnerable system.

The hardcoded password issue affects Cisco's Prime Collaboration Provisioning (PCP), a software application that can be used for the remote installation and maintenance of other Cisco voice and video products. Cisco PCP is often installed on Linux servers.

Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password.

The flaw can be exploited only by local attackers, and it also grants access to a low-privileged user account. In spite of this, Cisco has classified the issue as "critical."

Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.

The reasons are that an attacker can infect another device on the same network and use it as a proxy for his SSH connection to the vulnerable Cisco PCP instance, allowing for remote, over-the-Internet exploitation.

Source: https://www.bleepingcomputer.com/news/security/hardcoded-password-found-in-cisco-software/

---

Original Submission

• Obtuse description Obtuse description (Score: 3, Informative) by frojack on Friday March 09 2018, @09:37PM (3 children)

  by frojack (1554) on Friday March 09 2018, @09:37PM (#650241) Journal

  connecting to the affected system via Secure Shell (SSH) using the hardcoded password.

  A password for ssh access does you nothing without an account on the host machine.

  The vague description suggests that this password is used to log into an account that is installed on Linux during the installation of the Prime Collaboration Provisioning software.
  OR
  perhaps the PCP software itself listens on some port for an ssh-like connection.

  Pretty unclear, even when you read the CVE.

  They also indicate

  attacker ... access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device.

  So that sounds like THEIR software requires an account on the linux box, and that account has some additional root equivalency (sudo authority perhaps?).

  So two vulnerabilities in one.

  --
  No, you are mistaken. I've always had this sig.

  Starting Score:	1		point
  Moderation		+1
  Informative=1, Total=1
  Extra 'Informative' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		3

• Re:Obtuse description Re:Obtuse description (Score: 2) by drussell on Friday March 09 2018, @09:45PM (2 children)

  by drussell (2678) on Friday March 09 2018, @09:45PM (#650245) Journal

  A password for ssh access does you nothing without an account on the host machine.

  It would if it is the password for root. ;)

  Parent

  • Re:Obtuse description (Score: 1, Touché) by Anonymous Coward on Friday March 09 2018, @10:16PM

    by Anonymous Coward on Friday March 09 2018, @10:16PM (#650262)

    ...and your system is naive enough to have such an acco. :)

    Parent

  • Re:Obtuse description (Score: 3, Insightful) by frojack on Friday March 09 2018, @10:40PM

    by frojack (1554) on Friday March 09 2018, @10:40PM (#650278) Journal

    Cisco is clearly worried it doesn't have to be root. Now why is that?

    --
    No, you are mistaken. I've always had this sig.

    Parent