There’s a serious vulnerability in Cisco’s popular TelePresence system that could give an attacker complete control of the affected system. The vulnerability affects a broad range of TelePresence models, although there are workarounds available.
The vulnerability results from the fact that there are default credentials set up in the TelePresence systems. If a user account is created with the default credentials, an attacker would be able to exploit the bug and gain complete control of the Web server on which the system is running. Cisco has not yet made available patched versions of the TelePresence software.
“The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which gives them full administrative rights to the system,” Cisco said in its advisory.
“Cisco TelePresence System Software includes a password recovery administrator account that is enabled by default. Successful exploitation of this vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings and take full control of the affected system. An attacker could use this account to modify the system configuration and settings via an HTTPS session.”
TelePresence is Cisco’s video and audio conferencing system that is designed to mimic the experience of being in the same room with the other participants. Cisco TelePresence System Series 500, 13X0, 1X00, 3X00, and 30X0 running Cisco TelePresence System Software Releases 1.10.1 and prior; and Cisco TelePresence TX 9X00 Series running Cisco TelePresence System Software Releases 6.0.3 and prior are affected by this flaw.
While the patch is not yet available, there are some workarounds that can mitigate the effects of this vulnerability. Here’s the guidance for products that are registered with Cisco Unified Communications Manager:
1. Proceed to Cisco Unified CM Administration and select Device > Phone, search and select the configured Cisco TelePresence unit.
2. Under the Secure Shell Information (ssh), change the ssh helpdesk user name from the default helpdesk to pwrecovery, and then choose an alternate password.
This will overwrite the pwrecovery account stored on the Cisco TelePresence unit, and permit changing the password from the default to one created by the Cisco Unified CM administrator.
3. Reboot the Cisco TelePresence codec to download the updated Cisco Unified CM configuration.
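As an added illustration (not code from Cisco or from this article), the following Python script triages a device inventory against the affected releases and the workaround steps listed above. The record fields (`model`, `release`, `ssh_user`, `rebooted`) and the sample inventory are constructed, and reading an "X" after a digit in a model name as a one-digit wildcard is an assumption.

```python
import re

# Affected ranges as listed in the article: (model patterns, last affected release).
AFFECTED = [
    (("500", "13X0", "1X00", "3X00", "30X0"), (1, 10, 1)),
    (("TX 9X00",), (6, 0, 3)),
]

def _norm(text):
    return re.sub(r"[\s-]", "", text.upper())

def model_matches(pattern, model):
    """Assumption: an X that follows a digit is a one-digit wildcard (the X in TX is literal)."""
    regex = re.sub(r"(?<=\d)X", lambda m: r"\d", _norm(pattern))
    return re.fullmatch(regex, _norm(model)) is not None

def parse_release(text):
    """'1.10.1' -> (1, 10, 1). Compared as strings, '1.9.2' would sort after '1.10.1'."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def triage(unit):
    """Return 'not-listed', 'mitigated' or 'exposed' for one inventory record."""
    release = parse_release(unit["release"])
    for patterns, last_affected in AFFECTED:
        if any(model_matches(p, unit["model"]) for p in patterns):
            if release > last_affected:
                return "not-listed"  # outside the release range the article gives
            # Workaround: SSH helpdesk user renamed to pwrecovery with an alternate
            # password in Unified CM, then the codec rebooted to pull the new config.
            done = unit.get("ssh_user") == "pwrecovery" and bool(unit.get("rebooted"))
            return "mitigated" if done else "exposed"
    return "not-listed"

# Constructed sample inventory (hypothetical export of Unified CM device settings).
INVENTORY = [
    {"name": "boardroom", "model": "TX9000", "release": "6.0.3", "ssh_user": "helpdesk", "rebooted": False},
    {"name": "lab", "model": "1300", "release": "1.9.2", "ssh_user": "pwrecovery", "rebooted": True},
    {"name": "lobby", "model": "500", "release": "1.10.1", "ssh_user": "pwrecovery", "rebooted": False},
    {"name": "annex", "model": "3010", "release": "1.10.2", "ssh_user": "helpdesk", "rebooted": False},
]

if __name__ == "__main__":
    for unit in INVENTORY:
        print(f'{unit["name"]:<10} {unit["model"]:<7} {unit["release"]:<7} {triage(unit)}')
```

The `lobby` record stays `exposed` because the renamed account only takes effect once the codec has rebooted and downloaded the updated configuration.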
Cisco has not said when the patch will be available.