Several holes in Cisco products
Network equipment manufacturer Cisco has reported a number of security holes in various products. Some of Cisco's IP telephones allow anybody access to the administrator web interface, while other models have a standard pre-set user with a known password. In addition, attackers can escalate their privileges with Cisco's Secure Services Client, a program that authenticates clients on a network in compliance with IEEE 802.1X.
Cisco's Unified IP Conference Station 7935 and 7936 give attackers access to the administrator web interface because the URLs of its pages can be entered directly without logging in. The Unified IP Phone models 7906G, 7911G, 7941G, 7961G, 7970G and 7971G have a standard user account whose password is preset in the firmware; this account can be reached via SSH, for instance. Attackers can use these weaknesses to mount a denial-of-service attack against a vulnerable telephone or to escalate their privileges and do further damage.
Cisco's Secure Services Client authenticates clients in compliance with IEEE 802.1X. A "light" version of it is used in the Trust Agent of Cisco's Network Admission Control (NAC) Framework; the product was also formerly sold as AEGIS SecureConnect. Several vulnerabilities in this software allow malicious users to escalate their privileges or obtain the passwords of other users, which the software logs in plain text in the user directory.
In its security advisory, Cisco explains some of the counter-measures that administrators can take. In addition, the company has provided software updates to close the holes.
- Cisco Unified IP Conference Station and IP Phone Vulnerabilities, Cisco security advisory
- Multiple Vulnerabilities in 802.1X Supplicant, Cisco security advisory