Cisco Unified CDM platform open to cyber attacks

Pierluigi Paganini July 05, 2015

Cisco Unified CDM software contains a privileged account with a static password that cannot be changed; by using it, an attacker can take control of the platform.

A default privileged account with a static password that cannot be changed affects the Cisco Unified Communications Domain Manager (Cisco Unified CDM), opening the platform to remote attacks.

The Cisco Unified CDM is the UC domain manager within Cisco Hosted Collaboration Solution (HCS). It provides automation and administrative functions for Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Jabber applications, and the associated phones and software clients.


Cisco is not aware of the flaw being exploited in the wild by threat actors.

Releases prior to 4.4.5 of Cisco Unified Communications Domain Manager Platform Software for Cisco Unified CDM version 8.x are affected by this flaw, while Cisco Unified Communications Domain Manager version 10.x is not affected because it does not contain the affected platform software.

“A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to login with the privileges of the root user and take full control of the affected system.” Cisco reports in a security advisory.

“The vulnerability occurs because a privileged account has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. An exploit could allow the attacker to take full control over the affected system.”

As confirmed by Cisco, the account is created during installation and cannot be changed or removed without affecting Cisco Unified CDM functionality.

Exploitation of the flaw could allow a remote attacker to connect to the Cisco Unified CDM platform via SSH and log in with this account, obtaining root privileges. This would give the attacker full control over the Cisco Unified CDM platform.
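The two facts above that a defender can act on are the affected-release rule (8.x with Platform Software older than 4.4.5) and the exploitation path (an SSH login as the static privileged account). The following is an added example, not Cisco's code or anything from the advisory; the account name and the management subnet are placeholders, since the page does not give them.

```python
"""Defender triage for the Unified CDM static-account flaw (added example).

Check 1: a CDM 8.x node is affected when its Platform Software release is
older than 4.4.5 (10.x is never affected). Check 2: the exploitation path is
an SSH login as the privileged account, so accepted SSH sessions for that
account from outside the management network are flagged for investigation.
"""
import ipaddress
import re

FIXED_PLATFORM = (4, 4, 5)
PRIV_ACCOUNT = "PLACEHOLDER_PRIV_ACCOUNT"  # hypothetical; the advisory does not name it
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")  # constructed management subnet
# sshd log shape: "Accepted <method> for <user> from <ip> port <n> ssh2"
SSH_ACCEPT = re.compile(r"Accepted \S+ for (\S+) from (\S+) port")

def parse_version(text):
    """'4.4.3' -> (4, 4, 3); tuple comparison gives correct ordering."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def is_affected(cdm_major, platform_release):
    """Advisory rule: Unified CDM 8.x with Platform Software < 4.4.5 is affected."""
    return cdm_major == 8 and parse_version(platform_release) < FIXED_PLATFORM

def triage_inventory(inventory):
    """Return hostnames of affected nodes from [(host, cdm_major, platform_release)]."""
    return [host for host, major, rel in inventory if is_affected(major, rel)]

def suspicious_logins(log_lines):
    """Return (user, source_ip) for accepted privileged-account SSH logins from outside MGMT_NET."""
    hits = []
    for line in log_lines:
        m = SSH_ACCEPT.search(line)
        if not m or m.group(1) != PRIV_ACCOUNT:
            continue
        src = ipaddress.ip_address(m.group(2))
        if src not in MGMT_NET:
            hits.append((m.group(1), str(src)))
    return hits

if __name__ == "__main__":
    # Constructed sample inventory and constructed sshd lines
    inv = [("cdm-a", 8, "4.4.3"), ("cdm-b", 8, "4.4.5"), ("cdm-c", 10, "4.4.1")]
    logs = [
        f"Jul  5 09:12:01 cdm-a sshd[2101]: Accepted password for {PRIV_ACCOUNT} from 10.20.0.7 port 50120 ssh2",
        f"Jul  5 09:14:44 cdm-a sshd[2140]: Accepted password for {PRIV_ACCOUNT} from 198.51.100.23 port 40211 ssh2",
        "Jul  5 09:15:02 cdm-a sshd[2150]: Accepted publickey for ops from 198.51.100.23 port 40212 ssh2",
    ]
    print(triage_inventory(inv))    # -> ['cdm-a']
    print(suspicious_logins(logs))  # -> [('PLACEHOLDER_PRIV_ACCOUNT', '198.51.100.23')]
```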

Exploitation of the vulnerability is straightforward and can lead to the compromise of the platform and the data it manages.

Cisco assigned the flaw a Common Vulnerability Scoring System (CVSS) Base Score of 10, the highest possible severity score.

Cisco has fixed the flaw in the Cisco Unified CDM platform and has released free software updates to solve the problem. The advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm

This is not the first time a product has reached the market affected by this kind of security issue; hard-coded administrative credentials or SSH keys are very common.

A couple of weeks ago security experts at Cisco revealed the existence of a default SSH key in many security appliances.

Pierluigi Paganini

(Security Affairs – Cisco Unified CDM, hacking)
