A significant security vulnerability has been identified affecting Cisco Unified Communications Manager (Unified CM) and related products. The flaw involves the presence of hardcoded root SSH credentials, which could allow an attacker to gain unauthorized access to the system with the highest level of privileges. This critical issue impacts several versions of Unified CM, including the Session Management Edition (SME), as well as Unified Contact Center Express (UCCX), Unified Contact Center Management Portal (UCCMP), and Packaged Contact Center Enterprise (PCCE).
The hardcoded credentials provide root access via the Secure Shell (SSH) protocol. If exploited, this could grant an attacker complete control over the affected system. The potential implications are severe, ranging from data theft and modification to complete system disruption and the ability to execute arbitrary commands as the root user. This level of access poses a substantial security risk to organizations relying on these communication platforms.
At present, Cisco has issued an advisory regarding this vulnerability. While a software update to permanently fix the issue is still under development, administrators are strongly urged to implement mitigation measures. The primary recommendation is to ensure that SSH access to the affected systems is strictly restricted to trusted administrative networks and hosts. Limiting the attack surface by controlling network access is a crucial immediate step. Administrators should also increase monitoring of system logs for any suspicious activity related to SSH login attempts. Staying informed about official advisories and preparing for the release of the necessary security patches is essential to protecting these vital communication infrastructures from potential exploitation. This hardcoded credential flaw highlights the importance of rigorous security practices in enterprise-level systems.
Source: https://www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/
