Feeds

Running Cisco's VoIP manager? Four words you don't want to hear: 'Backdoor SSH root key'

Hardwired login in Unified Comms Domain Manager

Reducing the cost and complexity of web vulnerability management

Cisco has warned Unified Communications installations can be remotely hijacked by miscreants, thanks to a hardwired SSH private key.

In an advisory, the networking giant said unauthenticated attackers can log into its Unified Communications Domain Manager (Unified CDM) software as a root-level user by exploiting a default SSH key meant for Cisco support reps. The key is embedded in the software, and can be extracted by reverse engineering the Unified CDM's binary.

"This will allow the attacker to connect by using the support account to the system without requiring any form of authentication," Cisco warned.

"An exploit could allow the attacker to gain access to the system with the privileges of the root user."

The vulnerability is said to be present in all versions of Cisco Unified CDM prior to version 4.4.2. The Unified CDM is part of a package Cisco and OEMs offer for large-scale enterprise and service-provider unified communications systems. It's used to manage VoIP, corporate chat and similar things at big outfits.

Dr Johannes Ullrich of the Sans Institute said that the SSH flaw poses a particular threat as it leaves attackers with a backdoor to access vulnerable networks.

"Having the same key on all systems is mistake number one, but wouldn't be fatal if the secret key would have been tugged away in Cisco's special safe deposit box," Ullrich explained.

"Instead, they left the secret key on customer systems as well. So in other words: If you own one of the systems, you got the key to access all of them."

Ullrich advises that companies make sure their Unified CDM software is updated with a patch from Cisco, and in the meantime the flaw can be mitigated by filtering SSH access to at-risk systems.

The remaining two flaws in the advisory include an elevation of privilege vulnerability in the administration GUI, and a data manipulation vulnerability that could allow an attacker to remotely tamper with some user account settings. Those flaws can also be remedied by updating to the latest version of Unified CDM. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
No biggie: EMC's XtremIO firmware upgrade 'will wipe data'
But it'll have no impact and will be seamless, we're told
Microsoft's Office Delve wants work to be more like being on Facebook
Office Graph, social features for Office 365 going public
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.