Sigh. Cisco security kit has Java deserialisation bug and a default password SNAFU
Two critical vulnerabilities among 20 patches
Cisco's security developers have served up a parcel of patches.
First up, there's a gem in Switchzilla's Secure Access Control System. The ACS (which ceased sale in August 2017) is a hardware-based login gatekeeper, and it's got a remotely-pwnable Java deserialisation bug.
Cisco's notice for CVE-2018-0147 says an attacker could exploit the bug with a crafted Java object, and gain root privilege.
The bug affects all units running software up to version 5.8 patch 9, and fortunately while no longer sold, the Secure ACS is still in support, so Cisco has shipped patched software.
The other critical-rated bug is in the Cisco Prime Collaboration provisioning system: it has a hard-coded password in its SSH implementation, CVE-2018-0141.
The advisory says an attacker could use the SSH connection to get access to the underlying Linux operating system as a low-privilege user, and then elevate themselves to root to completely control the system.
The bug is only present in Cisco Prime Collaboration Provisioning Software Release 11.6, and there's a fix available.
Today's advisory list contains another 20 lower-rated bugs – enjoy. ®