Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Running Cisco's VoIP manager? Four words you don't want to hear: 'Backdoor SSH root key'

Running Cisco's VoIP manager? Four words you don't want to hear: 'Backdoor SSH root key'

2014/07/02

The Register - (International) Cisco warned users of its Unified Communications installations that a vulnerability exists in its Unified Communications Domain Manager (Unified CDM) software that can allow an unauthenticated attacker to gain root access by exploiting a default SSH key designed for use by Cisco support representatives. The vulnerability is present in all versions of Cisco Unified CDM prior to version 4.4.2 and users were advised to update the software, or to filter SSH access as a stopgap measure.

Source: http://www.theregister.co.uk/2014/07/02/cisco_you_cant_just_leave_your_ssh_keys_lying_around/

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:20:48