Cisco releases security advisory for Cisco TelePresence System

Cisco has released a security advisory to address a vulnerability in the Cisco TelePresence System. This vulnerability may allow a remote attacker to access the web server via a user account created with default credentials, which gives the attacker full administrative rights to the system.

Users and administrators should review the following Cisco Security Advisory and apply any necessary updates or workarounds to help mitigate these vulnerabilities.

Cisco TelePresence System Default Credentials Vulnerability
Advisory ID: cisco-sa-20130807-tp
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp

Summary
A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials.

The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which gives them full administrative rights to the system.

Source
US-CERT

No comments: