CVE-2018-0141 Cisco Vulnerability Could Lead to Full System Control

CVE-2018-0141 Cisco Vulnerability Could Lead to Full System Control

CVE-2018-0141 has been identified as the latest vulnerability in Cisco’s Prime Collaboration Provisioning (PCP) software. Apparently, the software has a hardcoded password that could be leveraged by hackers aiming to obtain full control of the system. On top of this, hackers could even be able to elevate privileges to root, security researchers said.

Related Story: Cisco Patches ASA Software against CVE-2016-1385, CVE-2016-1379

CVE-2018-0141 Cisco Vulnerability Details

The flaw affects PCP version 11.6, and fortunately a patch is already available. Users are urged to upgrade immediately.

Here is the official description of the vulnerability:

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials.

Furthermore, a successful exploit could allow the hacker to access the underlying operating system as a low-privileged user. After low-level privileges are obtained, the hacker could elevate to root privileges and take full control of the targeted system, researchers explained.

As already mentioned, the issue is fixed – more specifically in releases 12.1 and later. According to Cisco, the bug was detected during internal security testing. Nonetheless, it is the second critical bug discovered in Cisco’s software recently, along with a whole list of medium impact bugs that the company revealed in a security advisory.

Related Story: CVE-2017-3881 Affects More than 300 Cisco Switches

Critical vulnerabilities in Cisco products were also disclosed throughout 2017, such as CVE-2017-3881 – the identifier of a critical vulnerability affecting more than 300 Cisco switches and one gateway. The exploitation of the flaw could lead to attackers obtaining control over the corresponding devices.

Cisco came across CVE-2017-3881 while going through WikiLeak’s Vault 7 data dump. The bug was present in the Cluster Management Protocol processing code in Cisco IOS and Cisco IOS XE Software.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...