[cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Erick Bergquist erickbee at gmail.com
Wed Nov 22 14:39:20 EST 2017


Looking at doing the same, pushing the cop file.

"file search install system-history.log Upgrade"  will show just the
Upgrade entries. Can look to see if a normal upgrade was done after a
refresh entry.


On Wed, Nov 22, 2017 at 8:08 AM, Brian Meade <bmeade90 at vt.edu> wrote:
> We've got a team doing some scripting to check the system-history.log.  It
> looks like there is no harm to running the COP on a non-affected system as
> well so we may just push it in bulk.
>
> On Wed, Nov 22, 2017 at 9:01 AM, Ryan Ratliff (rratliff)
> <rratliff at cisco.com> wrote:
>>
>> I’d rather you take the approach of telling all of your customers to
>> install the COP file rather than pen-testing on a live system :)
>>
>> If you want to see if they are exposed get the system-history.log and
>> install.log and upload them to a TAC SR or manually inspect them to
>> determine the timeline of install & upgrade types. All the info you need is
>> in the advisory.
>> PCD Migration -> exposed
>> RU Upgrade -> exposed
>> L2 Upgrade -> not exposed
>>
>> -Ryan
>>
>> On Nov 20, 2017, at 11:25 AM, Brian Meade <bmeade90 at vt.edu> wrote:
>>
>> Anyone got some ideas on trying to crack this UCOS password?  Should help
>> us out in scanning our customers to see if they are affected, but we
>> wouldn't want this password to end up indexed by google and make the issue
>> even worse.
>>
>> On Fri, Nov 17, 2017 at 4:46 PM, Anthony Holloway
>> <avholloway+cisco-voip at gmail.com> wrote:
>>>
>>> Bwahaha! I just logged in to your CUCM Tim.
>>>
>>> On a serious note, I think it’s interesting how this “flag” issue is such
>>> a big deal, when back in the old days of UCCX, Cisco was creating an
>>> intentional back-door in all installs, using the same username and password
>>> on all of them.
>>>
>>> For the curious, it was:
>>>
>>> Username: CRSAdministrator
>>> Password: NwY.t9g(f'L9[3C
>>>
>>> If you have access to a UCCX 7x or lower, try logging in to Windows with
>>> that account and report back if it worked.
>>>
>>> If it does work, check the MADM logs on the C: for the clear text AXL
>>> username and password, so you can compromise CUCM too!
>>> On Fri, Nov 17, 2017 at 1:46 PM Tim Frazee <tfrazee at gmail.com> wrote:
>>>>
>>>> heads up
>>>>
>>>>
>>>> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip