[cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Charles Goldsmith wokka at justfamily.org
Mon Nov 20 09:40:26 EST 2017


Indeed it works, and sadly, I have a customer with uccx 7 still running...

On Fri, Nov 17, 2017 at 3:46 PM, Anthony Holloway <
avholloway+cisco-voip at gmail.com> wrote:

> Bwahaha! I just logged in to your CUCM Tim.
>
> On a serious note, I think it’s interesting how this “flag” issue is such
> a big deal, when back in the old days of UCCX, Cisco was creating an
> intentional back-door in all installs, using the same username and password
> on all of them.
>
> For the curious, it was :
>
> Username: CRSAdministrator
> Password: NwY.t9g(f'L9[3C
>
> If you have access to a UCCX 7x or lower, try logging in to Windows with
> that account and report back if it worked.
>
> If it does work, check the MADM logs on the C: for the clear text AXL
> username and password, so you can compromise CUCM too!
> On Fri, Nov 17, 2017 at 1:46 PM Tim Frazee <tfrazee at gmail.com> wrote:
>
>> heads up
>>
>> https://tools.cisco.com/security/center/content/
>> CiscoSecurityAdvisory/cisco-sa-20171115-vos
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20171120/af55d7a3/attachment.html>


More information about the cisco-voip mailing list