James Thew - Fotolia
How can a hardcoded password vulnerability affect Cisco PCP?
Cisco patched a hardcoded password vulnerability found in their PCP software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson.
Cisco recently patched a hardcoded password vulnerability in its Prime Collaboration Provisioning software. What does this software do and how could attackers exploit this vulnerability?
Cisco Prime Collaboration Provisioning (PCP) software provides a single interface on a Linux system to administer policy-based provisioning of Cisco Unified Communications and Cisco TelePresence users and services.
Cisco Unified Communications allows users to access voice, video, data and mobile applications through their network connections. Cisco TelePresence can be used to link physically separated rooms into a single virtual conference room, enabling participants to collaborate from different locations.
The provisioning software includes a module that enables users to change their media and location preferences so IT overhead can be reduced. These users have, until now, unknowingly relied on a hardcoded password to gain access to the system in order to modify their preferences. The default password was encoded into the software image and could not be changed by users or administrators.
An attacker with local access to Cisco PCP Software version 11.6 or later can log in using the hardcoded password to connect to the vulnerable system via Secure Shell (SSH); Cisco patched the vulnerability in version 12.1. SSH is installed by default in Unix family operating systems, including macOS and Linux. The attacker could also log in to a Linux server from a Windows machine using PuTTY, an open source SSH client.
After gaining low-level privileges, the attacker could then elevate to root privileges and take over the controls of the underlying operating system and maliciously change media applications in use in the virtual conference -- and conference participants wouldn't know that they might be observed or that their data is at risk of being recorded by an attacker.
While this vulnerability can only be exploited by attackers who already have local access to the system, there are no workarounds for the affected provisioning software, and users are urged to update to Cisco PCP 12.1 and later.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)