The hardcoded credentials (CVE-2018-0329) resides in the read-only SNMP community string in the configuration file of the SNMP daemon, they could be exploited by attackers to read any data that is accessible via SNMP on the affected device.
“A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP.” states the security advisory published by Cisco.
“The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device.”
There are no workarounds that address this vulnerability.
The SNMP community string is hidden from administrators this means that there was no way to see the find the vulnerability during regular audits of the architecture.
The flaw was reported by the security researcher Aaron Blair while investigating the CVE-2018-0352 WaaS vulnerability, a flaw that affects the Cisco Wide Area Application Services Software Disk Check Tool that could lead privilege escalation.
“A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device.” reads the security advisory.
“The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.”
This CVE-2018-0352 vulnerability was a privilege escalation in the WaaS disk check tool, Blair exploited it to elevate his privilege to “root,” an access level that allowed him to discoverer the hidden SNMP community string inside the /etc/snmp/snmpd.conf file.
Unfortunately, hardcoded credentials and undocumented accounts are not uncommon in Cisco appliance, the company addressed similar issues in the Prime Collaboration Provisioning (PCP), in the CISCO IOS XE operating system, and the Digital Network Architecture (DNA) Center.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – CISCO, hardcoded credentials)
[adrotate banner=”5″]
[adrotate banner=”13″]
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
This website uses cookies.