Cisco CDM Root Access Wide Open to Hackers
The Cisco Unified Communications Domain Manager (Cisco CDM) is a service delivery and management platform that automates administrative functions for the Unity Connection and Jabber applications. The vulnerability allows unauthenticated, remote attackers to log in with the privileges of the root user. Unfortunately, the account is hard-coded into the software installation and has a default, static password.
This exploit allows a hacker to take full control of the system. Furthermore, the static password and account credentials mean you hack one box, you hack them all. A system or network administrator has no work-arounds available to change the software – or the password, for that matter. Cisco is not currently aware of the flaw being exploited in the wild. This flaw was discovered as a result of internal testing, as part of Cisco’s audit process.
“A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to login with the privileges of the root user and take full control of the affected system.” – writes Cisco in a security advisory.
The vulnerability occurs because a privileged account has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. An exploit could allow the attacker to take full control over the affected system.
Default root accounts and hard-coded, static passwords are serious security issues. In the advisory, Cisco confirms the Cisco CDM root account cannot be changed or removed without affecting functionality of the underlying software. If exploited, remote attackers could connect over SSH and log in with administrative privileges. This gives the hacker full control over the running production environment.
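Since the account cannot be removed or its password changed, monitoring SSH logins as root is the main control available until the patch is applied. The following is an added example, not code from the article or from Cisco: it scans sshd log lines for successful password logins as root, flags those from outside a trusted management prefix, and checks a CDM release string against the 4.4.5 fix threshold. The log lines, hostname and trusted prefix are constructed assumptions.

```python
import re
from typing import Dict, List

# Constructed sample sshd log lines (not real traffic); the format mirrors OpenSSH auth.log output.
SAMPLE_AUTH_LOG = """\
Jul 2 10:14:01 cdm01 sshd[2113]: Accepted publickey for cdmadmin from 10.0.5.20 port 50212 ssh2
Jul 2 10:15:33 cdm01 sshd[2140]: Accepted password for root from 203.0.113.45 port 41822 ssh2
Jul 2 10:15:40 cdm01 sshd[2140]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 2 10:16:02 cdm01 sshd[2177]: Failed password for root from 203.0.113.45 port 41830 ssh2
Jul 2 10:17:11 cdm01 sshd[2190]: Accepted password for root from 10.0.5.21 port 50300 ssh2
"""

# Matches only successful logins; failed attempts and session lines are ignored.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def find_root_password_logins(log_text: str, trusted_prefixes=("10.0.5.",)) -> List[Dict]:
    """Return each successful password login as root, marking whether the source
    IP falls inside an assumed trusted management range (simple prefix match)."""
    hits = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if not m or m["user"] != "root" or m["method"] != "password":
            continue
        hits.append({
            "ip": m["ip"],
            "port": int(m["port"]),
            "trusted": m["ip"].startswith(trusted_prefixes),
            "line": line,
        })
    return hits

def version_is_fixed(version: str, fixed=(4, 4, 5)) -> bool:
    """True when a dotted numeric CDM release string is 4.4.5 or later (the advisory's fix threshold)."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (len(fixed) - len(parts))  # treat "4.5" as 4.5.0
    return parts >= fixed

if __name__ == "__main__":
    for h in find_root_password_logins(SAMPLE_AUTH_LOG):
        tag = "trusted source" if h["trusted"] else "ALERT: untrusted source"
        print(f"{h['ip']}:{h['port']} root password login ({tag})")
    for v in ("4.4.2", "4.4.5", "4.5"):
        print(v, "patched" if version_is_fixed(v) else "vulnerable, contact support")
```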
Cisco rates the impact 10 out of 10, meaning the exploit is easy to attempt and yields high returns. Cisco currently offers a software patch that resolves the issue in releases 4.4.5 and later. Customers running lower versions are advised to contact support for a hotpatch fix. Although a fix exists, it may still take companies weeks or months to implement. Change Control Management is notorious for moving at a glacier’s pace – as we still see many systems in the wild hanging around with well-publicized vulnerabilities.