Insecure by design: Cisco product shipped with backdoor
Cisco has reported a critical security hole in CiscoWorks Internetwork Performance Monitor (IPM), the network availability monitoring component of the CiscoWorks LAN Management Solution (LMS). According to the advisory, commands can be executed remotely on the underlying Solaris or Windows operating system without authentication.
Cisco reports that the problem is due to the IPM starting a process that binds a shell to a randomly selected TCP port. The shell executes commands entered there at system privilege level under Windows and at casuser privilege level under Solaris. Version 2.6 is affected. An update is available. Cisco has rated the hole as critical and advises all users to install the update as soon as possible.
Cisco's advisory does not describe how this unusual vulnerability came about. The vendor says that no exploits have been reported so far.
- CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability, Cisco security advisory