Cisco fixed critical flaws in its Secure Access Control System (ACS) and its Prime Collaboration Provisioning (PCP) software along with multiple other vulnerabilities.
The vulnerability in the Cisco Prime Collaboration Provisioning software (CVE-2018-0141) was found during internal security testing and stems from a hard-coded account password on the system.
“An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device,” the company said in a post.
While the vulnerability can’t be exploited remotely and only allows low-privilege access, “there are extenuating circumstances that allow an attacker to elevate privileges to root,” researchers said. That is why the flaw gets its critical status.
It affects only version 11.6 of the software, and has now been fixed in releases 12.1 and later.
The vulnerability (CVE-2018-0147) in the Cisco Secure Access Control System can be exploited remotely by an unauthenticated attacker and can be used to achieve remote code execution with root privileges.
“The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object,” the company said.
It affects all releases of Cisco Secure ACS prior to release 5.8 patch 9. Its exploitation potential is lower on Cisco Secure ACS systems running release 5.8 Patch 7 or Patch 8, as the user needs to be authenticated to pull off the compromise.
The vulnerability has been fixed in Cisco Secure ACS 220.127.116.11.9 Cumulative Patch.
Positive Technologies researchers Mikhail Klyuchnikov and Yury Aleynov discovered the issue.
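For defenders triaging traffic to services affected by this class of deserialization flaw, the following added example (not Cisco's code and not from the advisory) recognises a serialized Java object in a request body, raw or base64-encoded, and reads the top-level class name from the stream header. The function names, the allowlist and the sample payloads are assumptions constructed for illustration.

```python
import base64
import struct

MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC + STREAM_VERSION of a Java object stream
B64_MAGIC = b"rO0AB"          # how those same four bytes begin when base64-encoded
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72

def java_stream(payload: bytes):
    """Return the raw stream if payload is a serialized Java object, else None."""
    if payload.startswith(MAGIC):
        return payload
    text = payload.strip()
    if text.startswith(B64_MAGIC):
        try:
            return base64.b64decode(text, validate=True)
        except ValueError:          # malformed base64: treat as not a stream
            return None
    return None

def first_class_name(payload: bytes):
    """None if not a Java stream; '' if the header cannot be parsed;
    otherwise the class name of the top-level object."""
    raw = java_stream(payload)
    if raw is None:
        return None
    body = raw[len(MAGIC):]
    if len(body) < 4 or body[0] != TC_OBJECT or body[1] != TC_CLASSDESC:
        return ""
    (length,) = struct.unpack(">H", body[2:4])   # 2-byte big-endian name length
    name = body[4:4 + length]
    return name.decode("utf-8", "replace") if len(name) == length else ""

def classify(payload: bytes, allowed: set) -> str:
    """Triage label for a request body; 'flag' means a human or rule should look."""
    name = first_class_name(payload)
    if name is None:
        return "not-serialized"
    return "allowed" if name in allowed else "flag"

def sample_stream(cls: str) -> bytes:
    """Constructed sample: stream header, class descriptor name, dummy serialVersionUID."""
    n = cls.encode()
    return MAGIC + bytes([TC_OBJECT, TC_CLASSDESC]) + struct.pack(">H", len(n)) + n + b"\x00" * 8

if __name__ == "__main__":
    allow = {"java.util.HashMap"}                       # hypothetical allowlist
    for body in (sample_stream("java.util.HashMap"),
                 base64.b64encode(sample_stream("com.example.Unknown")),
                 b'{"user": "alice"}'):
        print(classify(body, allow), first_class_name(body))
```

The top-level class name says nothing about objects nested deeper in the stream, so this is a triage signal for logs and proxies, not a replacement for installing the fixed release.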