CVE-2018-0141 has been identified as the latest vulnerability in Cisco's Prime Collaboration Provisioning (PCP) Software. Apparently, the software ships with a hard-coded password that could be leveraged by attackers aiming to obtain full control of the system. Moreover, attackers could elevate their privileges to root, security researchers said.
CVE-2018-0141 Cisco Vulnerability Details
The flaw affects PCP version 11.6, and fortunately a patch is already available. Users are urged to upgrade immediately.
Here is the official description of the vulnerability:
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials.
In addition, a successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. Once that low-privileged foothold is obtained, the attacker could elevate to root privileges and take full control of the targeted system, researchers explained.
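The condition the advisory describes, a local account with a usable password hash and an interactive shell on a host whose sshd accepts password logins, is something a practitioner can audit for on any appliance image. The following is an added example written for this page, not Cisco's code and not the actual PCP account (which the advisory does not name): it reads `/etc/passwd`, `/etc/shadow` and `sshd_config` contents and lists accounts that could authenticate over SSH with a password. The three sample files and the account name `svcuser` are constructed for illustration.

```python
"""Audit a Linux image for accounts that could log in over SSH with a password.

Added example; the sample files below are constructed and the account
"svcuser" is an invented stand-in for a vendor-provisioned account.
"""
import re

# Constructed sample input (not taken from a real PCP appliance).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svcuser:x:1001:1001:Service account:/home/svcuser:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""
SHADOW = """\
root:!:17500:0:99999:7:::
daemon:*:17500:0:99999:7:::
svcuser:$6$saltsalt$Jx3bZqC1h8uVfI9zLmE2pQ7wRsT4yUaB6cD0eFgH5iKnOPrS8tVxYz1A2b3C4d5E6f7G8h9I0jKlMnOpQrStUvWxYz.:17500:0:99999:7:::
backup:*:17500:0:99999:7:::
"""
SSHD_CONFIG = """\
Port 22
PasswordAuthentication yes
PermitRootLogin no
"""

# Shells that refuse an interactive login even if a password is set.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Map account name -> {'uid', 'shell'} from /etc/passwd contents."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":", 6)
        users[name] = {"uid": int(uid), "shell": shell}
    return users


def parse_shadow(text):
    """Map account name -> password hash field from /etc/shadow contents."""
    hashes = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, hash_, *_rest = line.split(":")
        hashes[name] = hash_
    return hashes


def password_usable(hash_):
    """True if the shadow field holds a real hash; '!', '*' or empty means locked."""
    return bool(hash_) and not hash_.startswith(("!", "*"))


def sshd_directive(text, name, default):
    """Return the value of an sshd_config directive (first occurrence wins).

    Match blocks are deliberately not handled; this is a top-level audit only.
    """
    pattern = re.compile(r"^\s*" + re.escape(name) + r"\s+(\S+)", re.IGNORECASE)
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            return m.group(1).lower()
    return default


def ssh_password_accounts(passwd_text, shadow_text, sshd_text):
    """Names of accounts that could authenticate over SSH with a password."""
    if sshd_directive(sshd_text, "PasswordAuthentication", "yes") != "yes":
        return []
    # Root is only reachable by password if PermitRootLogin is literally "yes".
    root_by_password = sshd_directive(sshd_text, "PermitRootLogin", "prohibit-password") == "yes"
    users = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    hits = []
    for name, info in users.items():
        if info["shell"] in NOLOGIN_SHELLS:
            continue
        if not password_usable(hashes.get(name, "")):
            continue
        if info["uid"] == 0 and not root_by_password:
            continue
        hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    for account in ssh_password_accounts(PASSWD, SHADOW, SSHD_CONFIG):
        print("SSH password login possible for:", account)
```

On a real image, point the three parsers at the mounted root filesystem's `/etc/passwd`, `/etc/shadow` and `/etc/ssh/sshd_config`; any account the audit lists that you did not create yourself deserves the same treatment the PCP account got, namely locking it or rotating its password and, if possible, disabling password authentication for SSH altogether.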
As already mentioned, the issue is fixed, specifically in releases 12.1 and later. According to Cisco, the bug was detected during internal security testing. Nevertheless, it is the second critical bug discovered in Cisco's software recently, alongside a whole list of medium-impact bugs that the company disclosed in a security advisory.
Critical vulnerabilities in Cisco products were also disclosed throughout 2017, such as CVE-2017-3881, the identifier of a critical vulnerability affecting more than 300 Cisco switches and one gateway. Exploitation of the flaw could let attackers gain control over the affected devices.
Cisco came across CVE-2017-3881 while going through WikiLeaks' Vault 7 data dump. The bug was present in the Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software.