James Thew - Fotolia
Cisco recently patched a hardcoded password vulnerability in its Prime Collaboration Provisioning software. What does this software do and how could attackers exploit this vulnerability?
Cisco Prime Collaboration Provisioning (PCP) software provides a single interface on a Linux system to administer policy-based provisioning of Cisco Unified Communications and Cisco TelePresence users and services.
Cisco Unified Communications allows users to access voice, video, data and mobile applications through their network connections. Cisco TelePresence can be used to link physically separated rooms into a single virtual conference room, enabling participants to collaborate from different locations.
The provisioning software includes a module that enables users to change their media and location preferences so IT overhead can be reduced. These users have, until now, unknowingly relied on a hardcoded password to gain access to the system in order to modify their preferences. The default password was encoded into the software image and could not be changed by users or administrators.
An attacker with local access to Cisco PCP Software version 11.6 or later can log in using the hardcoded password to connect to the vulnerable system via Secure Shell (SSH); Cisco patched the vulnerability in version 12.1. SSH is installed by default in Unix family operating systems, including macOS and Linux. The attacker could also log in to a Linux server from a Windows machine using PuTTY, an open source SSH client.
After gaining low-level privileges, the attacker could then elevate to root privileges and take over the controls of the underlying operating system and maliciously change media applications in use in the virtual conference -- and conference participants wouldn't know that they might be observed or that their data is at risk of being recorded by an attacker.
While this vulnerability can only be exploited by attackers who already have local access to the system, there are no workarounds for the affected provisioning software, and users are urged to update to Cisco PCP 12.1 and later.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Judith Myerson
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how ... Continue Reading
Kea, an open source DHCP server, was issued a medium security advisory for a flaw that causes memory leakage in version 1.4.0. Discover the ... Continue Reading
ES&S admitted it installed the insecure remote access program pcAnywhere on election management systems. Learn what pcAnywhere is and what this risk ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.