Cisco warns of hard-coded credentials and default SSH key issues in some products

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys.

Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.

The first flaw fixed by the IT giant, tracked as CVE-2021-34795, affects the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT).  

“Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:

• Log in with a default credential if the Telnet protocol is enabled
• Perform command injection
• Modify the configuration” reads the advisory published by the company.

A remote attacker can exploit the flaw in the flaw in the Telnet service of Cisco Catalyst PON Series Switches ONT to log in to the affected device by using a debugging account with a hardcoded password.

“A vulnerability in the Telnet service of Cisco Catalyst PON Series Switches ONT could allow an unauthenticated, remote attacker to log in to the affected device by using a debugging account that has a default, static password,” the continues the advisory.

The Telnet service is not enabled by default and the issue could be exploited only on devices configured to allow Telnet connections.

The vulnerability received a CVSS score of 10/10, it affects the following Catalyst PON switches:

• CGP-ONT-1P;
• CGP-ONT-4P;
• CGP-ONT-4PV;
• CGP-ONT-4PVC;
• CGP-ONT-4TVCW.

Catalyst PON Switch CGP-OLT-8T and Catalyst PON Switch CGP-OLT-16T are not affected.

The second critical vulnerability, tracked as CVE-2021-40119, resides in the key-based SSH authentication mechanism of Cisco Policy Suite.

“A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user.” reads the advisory published by the IT firm.

“This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user.”

Cisco Policy Suite software releases 21.2.0 and later will automatically create new SSH keys during the install process but not during upgrades.

To generate new SSH keys and propagate them to all machines, you can use the steps detailed in the Fixed Releases section of Cisco’s advisory.

Cisco’s Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild exploiting the above issues.

US CISA also published a security advisory recommending users and administrators to review Cisco’s advisories.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, hardcoded credentials)

[adrotate banner=”5″]

[adrotate banner=”13″]