Hardcoded Password Found in Cisco Enterprise Software, Again

Posted on May 18, 2018

Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated ‘Critical’ that received the maximum score of 10 out of 10 on the CVSSv3 severity scale. The three vulnerabilities are a backdoor account and two bypasses of the authentication system in Cisco Digital Network Architecture (DNA) Center. Cisco DNA Center is a piece of software aimed at enterprise clients; it provides a central system for designing and deploying device configurations (aka provisioning) across a large network.

This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit yielded some bad results. The first of these flaws, and probably the easiest to exploit, is CVE-2018-0222. Cisco describes this as an ‘undocumented, static user credentials for the default administrative account,’ which is just a longer way of spelling backdoor account.

The company did not reveal the account’s default username and password but said it grants an attacker root privileges on targeted systems.
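The class of defect behind CVE-2018-0222, a static credential baked into a product's default administrative account, is one that code review and build pipelines can catch before shipping. The following is an added example, not from this post and not Cisco's code: a small Python scanner that walks source or configuration lines and flags credential-looking names (password, secret, api_key, token) that are assigned a non-empty string literal, while ignoring values pulled from the environment, a vault call, or a template placeholder. The sample lines, regexes and function name are all constructed for illustration.

```python
import re
from typing import List, Tuple

# Constructed sample input: lines as they might appear in a config or source
# audit. Illustrative only; nothing here is taken from Cisco DNA Center.
SAMPLE_LINES = [
    'db_host = "db.internal"',
    'ADMIN_USER = "admin"',
    'ADMIN_PASSWORD = "Sup3rS3cret!"',                 # literal -> finding
    'password = os.environ.get("DNA_ADMIN_PASSWORD")', # from environment -> ok
    'token = ""',                                     # empty placeholder -> ok
    'api_key: "AKIAEXAMPLE0000000000"',                # literal -> finding
    '# passwd = "old-value"',                          # comment -> skipped
    'secret_key = load_from_vault("dna/admin")',       # vault lookup -> ok
    'bind_pw = "${LDAP_BIND_PASSWORD}"',               # template var -> ok
]

# Credential-looking key name followed by '=' or ':' and a value.
CRED_NAME = re.compile(
    r'(?i)(?P<name>pass(?:word|wd)?|secret(?:_key)?|api_key|token)\b\s*[:=]\s*(?P<value>.+)$'
)
# A value that is a single quoted string literal (optionally followed by a comma).
LITERAL = re.compile(r'^(["\'])(.*)\1\s*,?\s*$')
# Values that are obviously templates, not real secrets.
PLACEHOLDER = re.compile(r'^(\$\{[^}]*\}|<[^>]*>)$')


def find_hardcoded_credentials(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, key_name, literal_value) for each hardcoded credential."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(lines, 1):
        stripped = line.strip()
        if stripped.startswith('#'):          # skip commented-out lines
            continue
        m = CRED_NAME.search(stripped)
        if not m:
            continue
        lit = LITERAL.match(m.group('value').strip())
        if not lit:                            # env lookup, vault call, etc.
            continue
        value = lit.group(2)
        if not value or PLACEHOLDER.match(value):
            continue                           # empty or templated, not a secret
        findings.append((lineno, m.group('name').lower(), value))
    return findings


if __name__ == '__main__':
    for lineno, name, value in find_hardcoded_credentials(SAMPLE_LINES):
        # Mask the value in output so the scanner itself does not leak secrets.
        print(f'line {lineno}: hardcoded {name} = {value[:2]}***')
```

Run against the constructed sample, the scanner reports lines 3 and 6 and nothing else. A regex-only check like this is a first gate, not a guarantee: it will miss credentials assembled at runtime or stored in binary blobs, so production pipelines pair it with entropy-based secret scanners and a policy that default administrative accounts must be rotated or disabled before a system is reachable on the network.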

Source: bleepingcomputer.com