Hardcoded Password Found in Cisco Enterprise Software, Again

Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated ‘Critical’ and which received a maximum of 10 out of 10 on the CVSSv3 severity score. The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center. The Cisco DNA Center is a piece of software that’s aimed at enterprise clients and which provides a central system for designing and deploying device configurations (aka provisioning) across a large network.

This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit has yielded some pretty bad results. The first of these flaws, and probably the easiest to exploit, is CVE-2018-0222. Cisco describes this as an ‘undocumented, static user credentials for the default administrative account,’ which is just a longer way of spelling backdoor account.

The company did not reveal the account’s default username and password but said it grants an attacker root privileges on targeted systems.

Source: bleepingcomputer.com