Cisco recently patched a hardcoded password vulnerability in its Prime Collaboration Provisioning software. What does this software do and how could attackers exploit this vulnerability?
Cisco Prime Collaboration Provisioning (PCP) software provides a single interface on a Linux system to administer policy-based provisioning of Cisco Unified Communications and Cisco TelePresence users and services.
Cisco Unified Communications allows users to access voice, video, data and mobile applications through their network connections. Cisco TelePresence can be used to link physically separated rooms into a single virtual conference room, enabling participants to collaborate from different locations.
The provisioning software includes a module that enables users to change their media and location preferences so IT overhead can be reduced. These users have, until now, unknowingly relied on a hardcoded password to gain access to the system in order to modify their preferences. The default password was encoded into the software image and could not be changed by users or administrators.
An attacker with local access to Cisco PCP Software version 11.6 or later can log in using the hardcoded password to connect to the vulnerable system via Secure Shell (SSH); Cisco patched the vulnerability in version 12.1. SSH is installed by default in Unix family operating systems, including macOS and Linux. The attacker could also log in to a Linux server from a Windows machine using PuTTY, an open source SSH client.
After gaining low-level privileges, the attacker could then elevate to root privileges, take control of the underlying operating system and maliciously change the media applications in use in the virtual conference. Conference participants wouldn't know that they might be observed or that their data is at risk of being recorded by an attacker.
While this vulnerability can only be exploited by attackers who already have local access to the system, there are no workarounds for the affected provisioning software, and users are urged to update to Cisco PCP 12.1 and later.
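Because the access path described above is an SSH login with a password that administrators never set, one detection check is to flag password-authenticated SSH logins for accounts outside the set the administrators knowingly provisioned. The sketch below is an added example, not code from Cisco or from this article; the account names, host name and log lines are constructed, and the affected account is not named here.

```python
import re

# OpenSSH success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Authentication methods that rely on a password rather than a key.
PASSWORD_METHODS = {"password", "keyboard-interactive/pam"}

# Assumption: accounts the administrators deliberately provisioned for SSH.
APPROVED_ACCOUNTS = {"pcpadmin", "backupsvc"}

# Constructed sample log lines (hypothetical host and accounts).
SAMPLE_LOG = """\
Mar 12 09:14:02 pcp01 sshd[2211]: Accepted publickey for pcpadmin from 10.0.4.17 port 50122 ssh2
Mar 12 09:20:45 pcp01 sshd[2290]: Failed password for appsvc from 10.0.4.88 port 41810 ssh2
Mar 12 09:20:51 pcp01 sshd[2290]: Accepted password for appsvc from 10.0.4.88 port 41810 ssh2
Mar 12 10:02:13 pcp01 sshd[2404]: Accepted password for backupsvc from 10.0.4.30 port 38001 ssh2
Mar 12 11:47:30 pcp01 sshd[2519]: Accepted password for appsvc from 10.0.4.91 port 52977 ssh2
"""


def find_unapproved_password_logins(log_text, approved=APPROVED_ACCOUNTS):
    """Return (user, source) for each successful password login by an
    account that is not in the approved inventory."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are ignored
        if m["method"] in PASSWORD_METHODS and m["user"] not in approved:
            findings.append((m["user"], m["src"]))
    return findings


def summarize(findings):
    """Group findings by account so each alert lists all source addresses."""
    summary = {}
    for user, src in findings:
        summary.setdefault(user, set()).add(src)
    return summary


if __name__ == "__main__":
    hits = summarize(find_unapproved_password_logins(SAMPLE_LOG))
    for user, sources in hits.items():
        print(f"unapproved password login: {user} from {sorted(sources)}")
```
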
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)