Network equipment manufacturer Cisco has warned of a critical vulnerability in its provisioning software, which could allow a local attacker to access the operating system with a default password, and potentially increase their privileges to root.
In a warning, Cisco writes that the local attacker can gain access to a vulnerable system via ssh by using the preprogrammed default password. In this way it is possible to obtain limited rights on the underlying Linux operating system. Cisco considers it possible that the attacker then obtains root rights and can thus exercise full control. Normally, the leak would not be labeled as critical, but because it is possible to obtain root rights, Cisco has opted for this estimate.
The vulnerability CVE-2018-0141 is only present in version 11.6 of the Prime Collaboration Provisioning software, also known as PCP. It is intended for provisioning users and services for video and audio communication. In version 12.1, the company introduced a fix for the vulnerability.
In addition, Cisco warns of a second critical vulnerability with attribute CVE-2018-0147. This is present in the software for a so-called Secure Access Control System. An attacker could gain root access to the system remotely through a special Java object and execute code with those privileges. All versions under 5.8 patch 9 are vulnerable, with an exploit requiring authentication in some cases. A patch is available in the form of version 18.104.22.168.9. The product in question has not been sold since August of last year.