Casa > cibernético Notícias > CVE-2018-0141 Cisco Vulnerability Could Lead to Full System Control
CYBER NEWS

CVE-2018-0141 Vulnerabilidade Cisco pode levar ao controle total do sistema

CVE-2018-0141 has been identified as the latest vulnerability in Cisco’s Prime Collaboration Provisioning (PCP) Programas. Pelo visto, the software has a hardcoded password that could be leveraged by hackers aiming to obtain full control of the system. Além do mais, hackers could even be able to elevate privileges to root, security researchers said.

Story relacionado: Cisco corrige software ASA contra CVE-2016-1385, CVE-2016-1379

CVE-2018-0141 Cisco Vulnerability Details

The flaw affects PCP version 11.6, and fortunately a patch is already available. Users are urged to upgrade immediately.

Here is the official description of the vulnerability:

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Programas 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials.

além disso, a successful exploit could allow the hacker to access the underlying operating system as a low-privileged user. After low-level privileges are obtained, the hacker could elevate to root privileges and take full control of the targeted system, pesquisadores explicaram.

Como já mencionado, the issue is fixed – more specifically in releases 12.1 e depois. De acordo com Cisco, the bug was detected during internal security testing. Não obstante, it is the second critical bug discovered in Cisco’s software recently, along with a whole list of medium impact bugs that the company revelou in a security advisory.

Story relacionado: CVE-2017-3881 afeta mais de 300 Cisco Switches

Critical vulnerabilities in Cisco products were also disclosed throughout 2017, such as CVE-2017-3881the identifier of a critical vulnerability affecting more than 300 Switches Cisco e um gateway. A exploração da falha pode levar os invasores a obter controle sobre os dispositivos correspondentes.

Cisco came across CVE-2017-3881 while going through WikiLeak’s Vault 7 data dump. The bug was present in the Cluster Management Protocol processing code in Cisco IOS and Cisco IOS XE Software.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...