[cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Mon Nov 20 12:48:54 EST 2017

I was thinking about running John the Ripper on a lab box that is affected
to try to get the password.  Not sure if it will find anything though.

On Mon, Nov 20, 2017 at 11:50 AM, Pete Brown <jpb at chykn.com> wrote:

> I wonder if there are any existing penetration testing utilities to check
> for these conditions on UCOS hosts?
>
>
> If not, challenge accepted.
>
> ------------------------------
> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of
> Brian Meade <bmeade90 at vt.edu>
> *Sent:* Monday, November 20, 2017 10:25 AM
> *To:* Anthony Holloway
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Cisco Voice Operating System-Based Products
> Unauthorized Access Vulnerability
>
> Anyone got some ideas on trying to crack this UCOS password?  Should help
> us out in scanning our customers to see if they are affected, but we
> wouldn't want this password to end up indexed by google and make the issue
> even worse.
>
> On Fri, Nov 17, 2017 at 4:46 PM, Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
> Bwahaha! I just logged in to your CUCM Tim.
>
> On a serious note, I think it’s interesting how this “flag” issue is such
> a big deal, when back in the old days of UCCX, Cisco was creating an
> intentional back-door in all installs, using the same username and password
> on all of them.
>
> For the curious, it was :
>
> Username: CRSAdministrator
> Password: NwY.t9g(f'L9[3C
>
> If you have access to a UCCX 7x or lower, try logging in to Windows with
> that account and report back if it worked.
>
> If it does work, check the MADM logs on the C: for the clear text AXL
> username and password, so you can compromise CUCM too!
> On Fri, Nov 17, 2017 at 1:46 PM Tim Frazee <tfrazee at gmail.com> wrote:
>
> heads up
>
> https://tools.cisco.com/security/center/content/CiscoSecurit
> yAdvisory/cisco-sa-20171115-vos
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.cisco.com%2Fsecurity%2Fcenter%2Fcontent%2FCiscoSecurityAdvisory%2Fcisco-sa-20171115-vos&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=IdvnVpdKRKohCUKQSKKh4bKfelSJUiZAdjH11YhCLns%3D&reserved=0>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=vOKtR8Wsv5fwFmwmyehk7Nn8m7NSLCh4DhqdDBz5Bos%3D&reserved=0>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cjpb%40chykn.com%7Cc6d62618f1394047c79708d530335cb9%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636467919512806356&sdata=vOKtR8Wsv5fwFmwmyehk7Nn8m7NSLCh4DhqdDBz5Bos%3D&reserved=0>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20171120/37737734/attachment.html>