Bugs in Cisco TelePresence Systems

Friday, August 9, 2013 @ 03:08 PM gHale


More details are available on the vulnerability in Cisco’s TelePresence system, which could give an attacker complete control of the affected system.

The vulnerability affects a broad range of TelePresence models. A patch is not available yet, but there are some workarounds.

The vulnerability results from default credentials set up in the TelePresence systems. If a user account is created with the default credentials, an attacker can exploit the bug and gain complete control of the Web server on which the system is running.

“The vulnerability is due to a default user account being created at installation time,” the Cisco advisory said. “An attacker could exploit this vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which gives them full administrative rights to the system.”

“Cisco TelePresence System Software includes a password recovery administrator account that is enabled by default,” the advisory said. “Successful exploitation of this vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings and take full control of the affected system. An attacker could use this account to modify the system configuration and settings via an HTTPS session.”

TelePresence is Cisco’s video and audio conferencing system designed to mimic the experience of being in the same room with the other participants. The flaw affects Cisco TelePresence System Series 500, 13X0, 1X00, 3X00, and 30X0 running Cisco TelePresence System Software Releases 1.10.1 and prior, and Cisco TelePresence TX 9X00 Series running Cisco TelePresence System Software Releases 6.0.3 and prior.
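To triage an inventory against the affected ranges listed above, the following sketch may help; it is an added example, not code from Cisco or from this article. It assumes each "X" in a model name stands for one digit and that release strings are dotted numbers with an optional build suffix; the inventory rows are constructed.

```python
import re

# Affected ranges as stated in the article: (model patterns, last affected release).
# Assumption: each "X" in a model pattern stands for exactly one digit.
AFFECTED = [
    (("500", "13X0", "1X00", "3X00", "30X0"), (1, 10, 1)),
    (("9X00",), (6, 0, 3)),
]

def parse_release(text):
    """'1.9.2(19)' -> (1, 9, 2). Build suffix ignored, trailing zeros dropped."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def last_affected(model):
    """Return the last affected release for this model, or None if not listed."""
    number = re.search(r"\d+", model)  # first digit run, e.g. "500" in "CTS 500-32"
    if number:
        for patterns, limit in AFFECTED:
            if any(re.fullmatch(p.replace("X", r"\d"), number.group()) for p in patterns):
                return limit
    return None

def triage(inventory):
    """Map host -> 'affected', 'not affected', 'not listed' or 'unknown'."""
    results = {}
    for host, model, release in inventory:
        limit = last_affected(model)
        if limit is None:
            results[host] = "not listed"
            continue
        try:
            # Tuple comparison is numeric per component, so 1.9.2 sorts before 1.10.1.
            older_or_equal = parse_release(release) <= limit
            results[host] = "affected" if older_or_equal else "not affected"
        except ValueError:
            results[host] = "unknown"  # needs manual review
    return results

# Constructed rows; hosts and the releases above 1.10.1 / 6.0.3 are hypothetical.
INVENTORY = [
    ("room-a", "CTS 1300", "1.9.2(19)"), ("room-b", "CTS 500", "1.10.1"),
    ("room-c", "CTS 3010", "1.10.2"), ("boardroom", "TX9000", "6.0.3"),
    ("lab", "TX9200", "6.1.0"), ("lobby", "CTS 1100", "unknown"),
]
```

A plain string comparison would rank "1.9.2" above "1.10.1" and miss room-a; units reported as "unknown" should be checked by hand.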

There are some workarounds that can mitigate the effects of this vulnerability.

Here’s the guidance for products registered with Cisco Unified Communications Manager:
1. Proceed to Cisco Unified CM Administration and select Device > Phone, then search for and select the configured Cisco TelePresence unit.
2. Under the Secure Shell Information (ssh), change the ssh helpdesk user name from the default helpdesk to pwrecovery, and then choose an alternate password.

This will overwrite the pwrecovery account stored on the Cisco TelePresence unit, and permit changing the password from the default to one created by the Cisco Unified CM administrator.

3. Reboot the Cisco TelePresence codec to download the updated Cisco Unified CM configuration.

Cisco has not said when the patch will be available.


