[cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Brian Meade bmeade90 at vt.edu
Wed Nov 22 10:08:45 EST 2017


We've got a team doing some scripting to check the system-history.log.  It
looks like there is no harm to running the COP on a non-affected system as
well so we may just push it in bulk.

On Wed, Nov 22, 2017 at 9:01 AM, Ryan Ratliff (rratliff) <rratliff at cisco.com> wrote:

> I’d rather you take the approach of telling all of your customers to
> install the COP file rather than pen-testing on a live system :)
>
> If you want to see if they are exposed get the system-history.log and
> install.log and upload them to a TAC SR or manually inspect them to
> determine the timeline of install & upgrade types. All the info you need is
> in the advisory.
> PCD Migration -> exposed
> RU Upgrade -> exposed
> L2 Upgrade -> not exposed
>
> -Ryan
>
> On Nov 20, 2017, at 11:25 AM, Brian Meade <bmeade90 at vt.edu> wrote:
>
> Anyone got some ideas on trying to crack this UCOS password?  Should help
> us out in scanning our customers to see if they are affected, but we
> wouldn't want this password to end up indexed by google and make the issue
> even worse.
>
> On Fri, Nov 17, 2017 at 4:46 PM, Anthony Holloway <avholloway+cisco-voip at gmail.com> wrote:
>
>> Bwahaha! I just logged in to your CUCM Tim.
>>
>> On a serious note, I think it’s interesting how this “flag” issue is such
>> a big deal, when back in the old days of UCCX, Cisco was creating an
>> intentional back-door in all installs, using the same username and password
>> on all of them.
>>
>> For the curious, it was:
>>
>> Username: CRSAdministrator
>> Password: NwY.t9g(f'L9[3C
>>
>> If you have access to a UCCX 7x or lower, try logging in to Windows with
>> that account and report back if it worked.
>>
>> If it does work, check the MADM logs on the C: for the clear text AXL
>> username and password, so you can compromise CUCM too!
>>
>> On Fri, Nov 17, 2017 at 1:46 PM Tim Frazee <tfrazee at gmail.com> wrote:
>>
>>> heads up
>>>
>>> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
>>>
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>