Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Default Account, Debug Tool Expose Cisco Prime Users to Attacks

Cisco informed customers this week that its Prime Data Center Network Manager (DCNM) is affected by two critical vulnerabilities that can be exploited for remote code execution and to access the product’s administrative console.

Cisco informed customers this week that its Prime Data Center Network Manager (DCNM) is affected by two critical vulnerabilities that can be exploited for remote code execution and to access the product’s administrative console.

One of the flaws, tracked as CVE-2017-6639, is related to the lack of authentication and authorization for a debugging tool that was inadvertently left enabled.

A remote, unauthenticated attacker can exploit the vulnerability to access sensitive information or execute arbitrary code with root privileges by connecting to the debugging tool via TCP.

The security hole affects Cisco Prime DCNM releases 10.1(1) and 10.1(2) for Windows, Linux and virtual appliances.

The second Prime DCNM vulnerability, identified as CVE-2017-6640, exists due to a default user account protected by a static password. An attacker who can remotely connect to the affected system can use this account to gain privileged access to the server’s administration interface.

The networking giant said this flaw only affects Prime DCNM running software version 10.2(1) for Windows, Linux and virtual appliances.

Advertisement. Scroll to continue reading.

Both DCNM vulnerabilities were disclosed to Cisco by Antonius Mulder of Commonwealth Bank of Australia and there is no evidence that they have been exploited in the wild. The flaws have been patched with the release of version 10.2(1), but workarounds are not available.

Cisco has also published an advisory for a high severity local privilege escalation vulnerability affecting AnyConnect Secure Mobility Client for Windows versions prior to 4.4.02034. The security hole, reported by Felix Wilhelm of ERNW, allows a local attacker to install and execute a file with SYSTEM privileges.

Another advisory describes a high severity denial-of-service (DoS) vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) software. A remote, unauthenticated attacker can exploit this flaw to cause a DoS condition by sending a flood of SIP INVITE packets to the vulnerable device.

The weakness, reported to Cisco by Knud Hojgaard of F-Secure, affects several TelePresence MX, Profile, SX, System Profile MXP, System EX, and Integrator C series products. Two Collaboration Desk Endpoint DX series devices are also impacted.

Related: Cisco Fixes Severe Flaws in Prime Collaboration Product

Related: Critical Cisco Prime Home Flaw Allows Authentication Bypass

Related: Actively Exploited Struts Flaw Affects Cisco Products

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Jazz has named Sean Robinson, Rickie Goyal, Danielle Guetta, Shani Nago, and Lior Magram as VPs and Michael Calev as COO.

AJ Shipley has been appointed Chief Product Officer at CrowdStrike.

Brinqa has named Ron Dovich as Chief AI and Automation Officer, David Allen as CTO, Steve Biagioni as CFO, and James Walta as VP of Product.

More People On The Move

Expert Insights