In association with heise online

01 August 2011, 10:03

Cisco Telepresence Server has default password on root

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco logo

The Cisco TelePresence Recording Server Software Release has a root administrator account that is enabled by default with a default password, making it vulnerable to remote attackers. Attackers can, if they have knowledge of the default password, use SSH on port 22 to access the device and operate it as root. In an advisory, Cisco said the impact of the flaw could allow the attacker to modify the system credentials and settings.

Cisco says that a single customer reported a "potential exploitation" to them but they are not aware of widespread exploitation. Cisco says previous versions, 1.7.0 and 1.7.1, are not affected. The company has released a fixed version, – customers are asked to contact Cisco directly for update. An "Applied Mitigation Bulletin" has also been released which essentially suggests blocking access to port 22 (SSH) to reduce the chance of being exploited.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit