SecurityWeek

Default SSH Private Key Exposes Cisco’s VoIP Manager to Remote Attack

Multiple Vulnerabilities Found in Cisco’s VoIP Manager

Cisco’s enterprise call and session management platform Cisco Unified Communications Domain Manager (Unified CDM) is plagued by three vulnerabilities, the company announced on Wednesday.

The first vulnerability (CVE-2014-2198) could be exploited by an unauthenticated, remote attacker to connect to the affected system with root privileges, Cisco warned. The cause is a flaw in the implementation of the framework that’s used by Cisco support representatives to access the platform software. More precisely, a default SSH private key that’s stored on the system in an insecure way could be obtained by an attacker by reverse engineering the binary file of the operating system, Cisco said in its advisory.

“Having the same key on all systems is mistake number one, but wouldn’t be fatal if the secret key would have been tucked away in Cisco’s special safe deposit box. Instead, they left the secret key on customer systems as well. So in other words: If you own one of the systems, you got the key to access all of them,” said Johannes Ullrich, the dean of research for the SANS Technology Institute. “Filtering SSH access to the device at your border is a good first step to protect yourself if you can’t patch right away.”

The second vulnerability (CVE-2014-2197) affecting Cisco Unified CDM is a privilege escalation flaw in the product’s web framework. According to Cisco, the weakness is caused by improper implementation of authentication and authorization controls in the administration graphical user interface (GUI).

“An attacker could exploit this vulnerability by submitting a crafted URL to change the administrative credentials of a user. The attacker needs to be authenticated to the system or convince a valid user of the Administration GUI to click a malicious link,” Cisco explained.

An unauthorized data manipulation vulnerability affecting the Cisco Unified CDM BVSMWeb portal (CVE-2014-3300) has also been found. The bug can be leveraged by a remote, unauthenticated attacker to access and change user information in the BVSMWeb portal, including settings in the personal phone directory, call forward settings, speed dials, and the Single Number Reach feature.
 
“The vulnerability is due to improper implementation of authentication and authorization controls when accessing some web pages of the BVSMWeb portal. An attacker could exploit this vulnerability by submitting a crafted URL to the affected system,” Cisco said.

Cisco released patches for the default SSH key and privilege escalation vulnerabilities. While a permanent fix is being developed for the unauthorized data manipulation issue, the company advises customers to provide services via the Unified CDM and the Unified CDM Self-Care portal, instead of the Cisco Unified CDM BVSMWeb portal.

The United States Computer Emergency Readiness Team (US-CERT) has also published a short security advisory to warn organizations about these vulnerabilities.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
