
Default SSH Private Key Exposes Cisco’s VoIP Manager to Remote Attack

Multiple Vulnerabilities Found in Cisco’s VoIP Manager

Cisco’s enterprise call and session management platform, Cisco Unified Communications Domain Manager (Unified CDM), is affected by three vulnerabilities, the company announced on Wednesday.

The first vulnerability (CVE-2014-2198) could be exploited by an unauthenticated, remote attacker to connect to the affected system with root privileges, Cisco warned. The flaw lies in the implementation of the framework that Cisco support representatives use to access the platform software. More precisely, a default SSH private key is stored insecurely on the system; an attacker who extracts it by reverse engineering the operating system binary can then use it to log in to the affected system as root, Cisco said in its advisory.

“Having the same key on all systems is mistake number one, but wouldn’t be fatal if the secret key would have been tucked away in Cisco’s special safe-deposit box. Instead, they left the secret key on customer systems as well. So in other words: If you own one of the systems, you’ve got the key to access all of them,” said Johannes Ullrich, the dean of research for the SANS Technology Institute. “Filtering SSH access to the device at your border is a good first step to protect yourself if you can’t patch right away.”
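The point in Ullrich’s comment is that one public key is accepted for root on every installation. The audit below is an added example, not code from the article or from Cisco: it computes SSH public key fingerprints in the same form `ssh-keygen -lf` prints them and flags any key that appears in the authorized_keys files of more than one host. The fleet data, host names, and the 32-byte key values are constructed for the example (the blobs are valid Ed25519 wire format but are not real keys).

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(seed: int, comment: str) -> str:
    """Build a syntactically valid authorized_keys line from constructed data.

    Ed25519 public key blob: string "ssh-ed25519", string <32 bytes>.
    The 32 bytes are derived from a label, NOT from a real keypair; this is
    sample data so the example runs offline.
    """
    raw = hashlib.sha256(b"constructed-sample-%d" % seed).digest()
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def fingerprint(authorized_keys_line: str) -> str:
    """SHA256 fingerprint as ssh-keygen -lf prints it:
    'SHA256:' + base64(sha256(key blob)) with '=' padding removed."""
    fields = authorized_keys_line.split()
    # A line may start with options such as from="..." or no-pty; the key type
    # is the first field beginning with 'ssh-' or 'ecdsa-'.
    for i, field in enumerate(fields):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1])
            break
    else:
        raise ValueError("no public key found in line")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(fleet: dict) -> dict:
    """fleet maps hostname -> list of authorized_keys lines for that host.

    Returns {fingerprint: sorted hostnames} for every key accepted on more
    than one host, i.e. the 'same key on all systems' condition.
    """
    seen = defaultdict(set)
    for host, lines in fleet.items():
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            seen[fingerprint(line)].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


# Constructed sample: one "vendor support" key is present on every host,
# once with source restrictions, while per-host admin keys are unique.
SUPPORT_KEY = make_ed25519_pubkey_line(1, "vendor-support")
SAMPLE_FLEET = {
    "cdm-01": [SUPPORT_KEY, make_ed25519_pubkey_line(11, "admin@cdm-01")],
    "cdm-02": ['from="10.0.0.0/8" ' + SUPPORT_KEY, make_ed25519_pubkey_line(12, "admin@cdm-02")],
    "cdm-03": ["# root keys", SUPPORT_KEY],
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE_FLEET).items():
        print("%s accepted on %s" % (fp, ", ".join(hosts)))
```

On real systems the input would be the root authorized_keys (and any vendor-installed key directories) collected from each appliance; a fingerprint that shows up fleet-wide is exactly the key to remove or block at the border until the patch is applied.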

The second vulnerability (CVE-2014-2197) affecting Cisco Unified CDM is a privilege escalation flaw in the product’s web framework. According to Cisco, it is caused by improper implementation of authentication and authorization controls in the administration graphical user interface (GUI).

“An attacker could exploit this vulnerability by submitting a crafted URL to change the administrative credentials of a user. The attacker needs to be authenticated to the system or convince a valid user of the Administration GUI to click a malicious link,” Cisco explained.

An unauthorized data manipulation vulnerability affecting the Cisco Unified CDM BVSMWeb portal (CVE-2014-3300) has also been found. The bug can be leveraged by a remote, unauthenticated attacker to access and change user information in the BVSMWeb portal, including settings in the personal phone directory, call forward settings, speed dials, and the Single Number Reach feature.
 
“The vulnerability is due to improper implementation of authentication and authorization controls when accessing some web pages of the BVSMWeb portal. An attacker could exploit this vulnerability by submitting a crafted URL to the affected system,” Cisco said.
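Both the administration GUI bug and the BVSMWeb bug share one shape: a crafted URL reaches a state-changing handler that checks, at most, that some session exists and never checks who may change what, nor that the request was deliberately sent rather than triggered by a clicked link. The handlers below are an added example written for this article, not Cisco code and not a reconstruction of Unified CDM: the vulnerable function models that shape, and the hardened one adds the controls the advisories describe as missing (authentication for the BVSMWeb case, authorization for the target user, POST-only with a CSRF token for the link-click case). The user store, session table, URLs and field names are constructed for the example, and passwords are kept in plaintext only to keep the store small.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed stand-ins for the portal's session table and user store.
SESSIONS = {"sess-alice": "alice", "sess-admin": "admin"}
SERVER_SECRET = secrets.token_bytes(32)  # per-process secret used to derive CSRF tokens


def fresh_users():
    """Return a fresh copy of the constructed user store (plaintext for brevity;
    a real store holds password hashes)."""
    return {
        "admin": {"password": "old-admin-pw", "role": "admin"},
        "alice": {"password": "alice-pw", "role": "user"},
    }


def change_password_vulnerable(users, method, url, session_id):
    """The bug class: authentication is checked, authorization is not.

    Any logged-in user can hit /admin/changepw?user=admin&newpw=... and
    change the administrator's credentials; GET is accepted and there is no
    CSRF token, so tricking an administrator into clicking the link works too.
    """
    if SESSIONS.get(session_id) is None:
        return 401
    q = parse_qs(urlsplit(url).query)
    users[q["user"][0]]["password"] = q["newpw"][0]
    return 200


def csrf_token_for(session_id):
    """Stateless per-session token: HMAC(server secret, session id)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), "sha256").hexdigest()


def change_password_hardened(users, method, session_id, form):
    """Same operation with the missing controls in place.

    Order of checks: valid session, POST only, CSRF token bound to that
    session, then authorization: a user may change only their own password
    (proving the current one); only an admin may change someone else's.
    """
    actor = SESSIONS.get(session_id)
    if actor is None:
        return 401                       # unauthenticated: no access at all
    if method != "POST":
        return 405                       # no state change via a clickable GET URL
    token = form.get("csrf", "")
    if not hmac.compare_digest(token, csrf_token_for(session_id)):
        return 403                       # missing or foreign CSRF token
    target = form.get("user", actor)
    if target not in users:
        return 404
    if target == actor:
        if form.get("current") != users[actor]["password"]:
            return 403                   # self-service change must prove the old secret
    elif users[actor]["role"] != "admin":
        return 403                       # non-admin may not touch another account
    users[target]["password"] = form["newpw"]
    return 200


if __name__ == "__main__":
    store = fresh_users()
    print("vulnerable:", change_password_vulnerable(
        store, "GET", "/admin/changepw?user=admin&newpw=pwned", "sess-alice"),
        store["admin"]["password"])
    store = fresh_users()
    print("hardened:", change_password_hardened(
        store, "POST", "sess-alice",
        {"user": "admin", "newpw": "pwned", "csrf": csrf_token_for("sess-alice")}),
        store["admin"]["password"])
```

The CSRF token here is derived from the session id with a server-side HMAC, so a token minted for one session is rejected for another and nothing needs to be stored per request; any framework's built-in CSRF middleware does the same job and should be used where available.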

Cisco released patches for the default SSH key and privilege escalation vulnerabilities. A permanent fix for the unauthorized data manipulation issue is still being developed; in the meantime, the company advises customers to provide the affected self-service functions through Unified CDM and the Unified CDM Self-Care portal instead of the Cisco Unified CDM BVSMWeb portal.

The United States Computer Emergency Readiness Team (US-CERT) has also published a short security advisory to warn organizations about these vulnerabilities.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
