|CERT-In Vulnerability Note
Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
Original Issue Date:December 18, 2015
Severity Rating: HIGH
- Cisco Prime Collaboration Assurance Software version prior to 11.0
A vulnerability has been reported in Cisco Prime Collaboration Assurance (PCA) which could allow an unauthenticated remote attacker to gain access to the targeted device.
This vulnerability occurs due to undocumented cmuser account that has a default and static password. A remote attacker could exploit this vulnerability by connecting to the affected system via SSH to view the password file, system log, PCA database information, modify data and cause the device to become unstable or inaccessible.
Successful exploitation of this vulnerability could allow a remote attacker to log in to the device with the default cmuser user account and to gain the access to the affected device.
Apply appropriate updates as mentioned in CISCO advisory
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003