Cisco Removes Backdoor Account, Fourth in the Last Four Months

  • 0

Cisco Removes Backdoor Account, Fourth in the Last Four Months

Category : Blog

Cisco Removes Backdoor Account, Fourth in the Last Four Months

Cisco is the largest networking company in the world. The stock was added to the Dow Jones Industrial Average on June 8, 2009, and is also included in the S&P 500 Index, the Russell 1000 Index, NASDAQ-100 Index and the Russell 1000 Growth Stock Index.

For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.

This time around, the hardcoded password was found in Cisco’s Wide Area Application Services (WAAS), which is a software package that runs on Cisco hardware that can optimize WAN traffic management.

 

Cisco

 

Harcoded SNMP community string

This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon.

SNMP stands for Simple Network Management Protocol, an Internet protocol for collecting data about and from remote devices. The community string was there so SNMP servers knowing the string’s value could connect to the remote Cisco device and gather statistics and system information about it.

 

SNMP

 

Hardcoded creds is invisible to device owners

Making matters worse, this SNMP community string is hidden from device owners, even from the ones with an admin account, meaning they couldn’t have located it on their own during regular security audits.

The string came to light by accident, while security researcher Aaron Blair from RIoT Solutions was researching another WaaS vulnerability (CVE-2018-0352).

This second vulnerability was a privilege escalation in the WaaS disk check tool that allowed Blair to elevate his account’s access level from “admin” to “root.” Normally, Cisco users are permitted only admin access. The root user level grants access to the underlying OS files and is typically reserved only for Cisco engineers.

 

vulnerability

 

WaaS updates released to remove hardcoded SNMP creds

The researcher reported the issue to Cisco in March. Cisco released updates for WaaS this week. There are no mitigations or workarounds for avoiding the exploitation, and users must apply the WaaS software updates.

The Cisco WaaS patches are part of a batch of 28 security fixes that Cisco released on June 6, this week.

Twice in March and again in May, Cisco removed other similar backdoor accounts and mechanisms in other software such as the Prime Collaboration Provisioning (PCP), the IOS XE operating system, and the Digital Network Architecture (DNA) Center. Unlike this latest issues, the first three were discovered by Cisco engineers during internal audits.

 

WaaS

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 


Leave a Reply

Show Buttons
Hide Buttons