[cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Anthony Holloway avholloway+cisco-voip at gmail.com
Fri Nov 17 16:46:00 EST 2017


Bwahaha! I just logged in to your CUCM Tim.

On a serious note, I think it’s interesting how this “flag” issue is such a
big deal, when back in the old days of UCCX, Cisco was creating an
intentional back-door in all installs, using the same username and password
on all of them.

For the curious, it was :

Username: CRSAdministrator
Password: NwY.t9g(f'L9[3C

If you have access to a UCCX 7x or lower, try logging in to Windows with
that account and report back if it worked.

If it does work, check the MADM logs on the C: for the clear text AXL
username and password, so you can compromise CUCM too!
On Fri, Nov 17, 2017 at 1:46 PM Tim Frazee <tfrazee at gmail.com> wrote:

> heads up
>
>
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20171117/9d914bae/attachment.html>


More information about the cisco-voip mailing list