Full Disclosure mailing list archives

Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability

From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Wed, 7 Aug 2013 12:04:12 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability

Advisory ID: cisco-sa-20130807-tp

Revision 1.0

For Public Release 2013 August 7 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account 
that is created with default credentials.

The vulnerability is due to a default user account being created at installation time. An attacker could exploit this 
vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow 
the attacker to log in with the default credentials, which gives them full administrative rights to the system.

Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)

iF4EAREKAAYFAlICRBYACgkQUddfH3/BbTrGqQD+I5Yf/eVxV/vsUxX31XHDrLG+
NxwiFn3e1mDPMir9pGIA/jTzkeCxTTGMm5brlUQTFE0YJ3vDzXwAtp+HVzqu8i6K
=tMib
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Cisco Security Advisory: Cisco TelePresence System Default Credentials Vulnerability Cisco Systems Product Security Incident Response Team (Aug 07)