The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:
- Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error
- Cisco Small Business SRP500 Series Command Injection Vulnerability
Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error
Software that runs on Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices was updated to include secure default configurations beginning with the TC4.0 release. This change was accompanied by the release of Cisco Security Advisory cisco-sa-20110202-tandberg.
All Cisco TelePresence System Integrator C Series, Cisco TelePresence EX Series, and Cisco TelePresence Quick Set products that were distributed within the designated timeframe are potentially affected. Administrators can determine the status of their device by using the Serial Number Validator located at the following link: http://serialnumbervalidation.com/PSIRT-20111026
The Serial Number Validator tool will indicate if the device was affected when the product was shipped. If a factory reset or software upgrade occurred or certain manual configuration changes were made, the device may not be affected.
Affected devices may have the root account enabled and configured with a well-known default password. This account is intended to be enabled by device administrators when certain debugging actions need to be performed and should be disabled by default.
The vulnerability could allow a remote attacker to take complete control of an affected device. This access may include modifying the configuration or security of the device and could allow the attacker to load arbitrary software on an affected unit.
Cisco Small Business SRP500 Series Command Injection Vulnerability
Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface.
The following Cisco Small Business SRP520 Series models are affected if running firmware prior to version 1.1.24:
- Cisco SRP521W
- Cisco SRP526W
- Cisco SRP527W
The following Cisco Small Business SRP540 Series models are affected if running firmware prior to version 1.2.1:
- Cisco SRP541W
- Cisco SRP546W
- Cisco SRP547W
This vulnerability is documented in Cisco Bug ID CSCtr45124, (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-4005.
For this vulnerability to be exploited, a remote attacker must either entice an administrator to access a crafted link or perform a man-in-the-middle attack, intercepting an authenticated session. The operating system commands that are injected are run in the context of the root user.
Successful exploitation of the vulnerability may result in the execution of arbitrary commands on the device.