LDAP snafu in Cisco Prime
Sysadmins using LDAP for Cisco Prime Collaboration Provisioning have an urgent patch to deal with, and Cisco Firepower users need to get rid of a just-discovered default account.
The critical-rated LDAP vulnerability can allow a remote attacker to bypass authentication and gain full administrative privileges.
The bug in LDAP authentication affects Cisco Prime Collaboration Provisioning software version 10.6 with Service Pack 2 (SP2). A patch has already hit Cisco's software centre.
The other important security fix just released applies to the company's Firepower System Software Release 6.0, which runs on a variety of appliances.
At installation, the buggy release creates a default account with hard-coded credentials. While it's not an admin-level account, Cisco says a local or remote attacker gets access to enough CLI commands to compromise the device. ®