Today's Hard|Forum Post

Thursday March 08, 2018

Hardcoded Password Found in Cisco Software

Cisco is constantly releasing security advisories for their products, but the recent advisory has an interesting little tidbit about a hardcoded password. Believe it or not, their Prime Collaboration Provisioning software app has a hardcoded password that can be exploited by a local attacker. There is no mitigation for this and Cisco customers are advised to patch the PCP application ASAP. In this day and age I just can't fathom a hardcoded're supposed to be better than that Cisco.

The reasons are that an attacker can infect another device on the same network and use it as a proxy for his SSH connection to the vulnerable Cisco PCP instance, allowing for remote, over-the-Internet exploitation.

Furthermore, there is a large number of elevation-of-privilege exploits affecting the Linux operating system that an attacker can use and gain root access. Hence, Cisco's decision to classify this flaw as "critical" even with a CVSS score of 5.9 out of a maximum of 10.