Hardcoded SSH credentials in Cisco's Unified CM and Unified CME software allow attackers full root access; the flaw is rated CVSS 10 out of 10. These static login credentials, reserved for development, cannot be changed by administrators, which poses a severe security risk. Exploitation could enable command execution with root privileges. Organizations can check syslog for signs of intrusion. Cisco has patches available for remediation, and a fix is included in Unified CM and Unified CM SME release 15SU3, expected this month. No exploits are currently known in production environments.
This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development.
Attackers who exploit the vulnerability gain all privileges and full access to IT systems. They can execute any command imaginable with root privileges, the most severe type of compromise.
Successful exploitation of the security vulnerability leaves traces in var/log/active/syslog/secure. Organizations should check these logs to determine whether there has been an intrusion.
Cisco is including the fix in Unified CM and Unified CM SME release 15SU3, which is expected this month.
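The log check described above, as an added example that is not from Cisco or the original article: it scans a copy of the secure log for successful SSH logins by root and pairs each login with its session record. The sample lines are constructed and assume standard OpenSSH/PAM syslog wording; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in common OpenSSH/PAM syslog style (assumed format,
# not captured from a real Unified CM system).
SAMPLE_LOG = """\
Jul  2 10:13:58 cucm-pub sshd[21390]: Failed password for admin from 203.0.113.9 port 40112 ssh2
Jul  2 10:14:07 cucm-pub sshd[21411]: Accepted password for root from 198.51.100.23 port 51822 ssh2
Jul  2 10:14:07 cucm-pub sshd[21411]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  2 10:20:31 cucm-pub sshd[21502]: Accepted publickey for admin from 192.0.2.10 port 50522 ssh2
Jul  2 10:20:31 cucm-pub sshd[21502]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jul  2 10:31:44 cucm-pub sshd[21411]: pam_unix(sshd:session): session closed for user root
"""

SSHD = r"sshd(?:\[(?P<pid>\d+)\])?:\s+"
ACCEPTED = re.compile(SSHD + r"Accepted (?P<method>\S+) for root from (?P<src>\S+)")
SESSION = re.compile(SSHD + r"pam_unix\(sshd:session\): session opened for user root\b")
TIMESTAMP = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})")


def find_root_ssh_logins(text):
    """Return one finding per sshd process that logged root in over SSH."""
    findings = defaultdict(
        lambda: {"time": None, "source": None, "method": None, "session": False}
    )
    for line in text.splitlines():
        accepted, session = ACCEPTED.search(line), SESSION.search(line)
        match = accepted or session
        if not match:
            continue
        # Group the "Accepted" and "session opened" lines by sshd PID;
        # fall back to the raw line when the log carries no PID.
        entry = findings[match.group("pid") or line]
        ts = TIMESTAMP.match(line)
        if ts and entry["time"] is None:
            entry["time"] = " ".join(ts.group(1).split())
        if accepted:
            entry["source"] = accepted.group("src")
            entry["method"] = accepted.group("method")
        if session:
            entry["session"] = True
    return list(findings.values())


if __name__ == "__main__":
    for hit in find_root_ssh_logins(SAMPLE_LOG):
        print("root SSH login:", hit)
```

Any hit is a reason to investigate, since the article states the root credentials are reserved for development and not meant for administrators.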