Cisco has patched a critical flaw in its Voice-OS which could allow an unauthenticated, remote hacker to gain elevated access to 12 types of its products.
The exploit is tied to the CVE-2017-12337 vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform, according to a Nov. 15 Cisco Security Advisory.
Affected products include Cisco Unified Communications Manager (UCM), Cisco Unified Communications Manager Session Management Edition (SME), Cisco Emergency Responder, Cisco Unity Connection and Cisco Unified Communications Manager IM and Presence Service.
The flaw occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device.
“When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password,” the advisory said. “If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action.”
Furthermore, researchers said Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate the vulnerability, and that an attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device.
It is important for network and security professionals to be aware of rogue SSH communications on the network and for IT pros to investigate if they see an SSH connection to a device on the network from a client that normally doesn't have SSH traffic, Plixer Chief Executive Officer Michael Patterson said.
Once such traffic is noticed, he said, Network Traffic Analytics (NTA) should also be deployed to gather flows and metadata from every conversation on the network, to provide visibility and alert on rogue SSH traffic.
“Additionally, keeping systems updated with the latest security patches is very important to help remediate such problems,” Patterson said. “Security and network professionals should be sure to subscribe to notifications of software security releases so they can properly patch vulnerable systems.”
Cisco released a free software update to patch the vulnerability and users are urged to update as soon as possible.
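The check Patterson describes, spotting SSH (and therefore SFTP) connections to a device from a client that normally has no SSH traffic, can be run over exported flow records. The following is an added example, not code from Cisco or Plixer; the flow record layout, the addresses and the watched-device list are constructed assumptions.

```python
import csv
import io

# Constructed sample flow records (not from the article): time,src,dst,dst_port,proto
BASELINE_FLOWS = """\
2017-11-01T09:00:00,192.0.2.10,198.51.100.5,22,tcp
2017-11-01T09:05:00,192.0.2.10,198.51.100.20,22,tcp
2017-11-02T14:00:00,192.0.2.44,198.51.100.5,5060,tcp
2017-11-03T10:30:00,192.0.2.11,198.51.100.30,22,tcp
"""
NEW_FLOWS = """\
2017-11-16T02:14:00,192.0.2.44,198.51.100.5,22,tcp
2017-11-16T08:00:00,192.0.2.10,198.51.100.5,22,tcp
2017-11-16T08:10:00,192.0.2.11,198.51.100.5,22,tcp
2017-11-16T02:13:00,192.0.2.44,198.51.100.5,22,tcp
"""
# Assumed inventory of voice/collaboration servers to watch (hypothetical address).
WATCHED_DEVICES = {"198.51.100.5"}
SSH_PORT = 22  # SFTP runs over SSH, so it uses this port by default


def parse_flows(text):
    """Yield (time, src, dst, dst_port, proto) tuples, skipping malformed rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5 or not row[3].isdigit():
            continue
        yield row[0], row[1], row[2], int(row[3]), row[4].lower()


def build_baseline(flows):
    """Map each client to the set of hosts it normally reaches over SSH."""
    peers = {}
    for _, src, dst, port, proto in flows:
        if proto == "tcp" and port == SSH_PORT:
            peers.setdefault(src, set()).add(dst)
    return peers


def find_rogue_ssh(flows, baseline, watched):
    """Return one alert per (src, dst) pair that breaks the SSH baseline."""
    alerts = {}
    for ts, src, dst, port, proto in flows:
        known = dst in baseline.get(src, ())
        if proto != "tcp" or port != SSH_PORT or dst not in watched or known:
            continue  # not SSH to a watched device, or a pair already in the baseline
        reason = "new-peer" if src in baseline else "no-ssh-history"
        first = alerts.get((src, dst), (ts, reason))[0]
        alerts[(src, dst)] = (min(first, ts), reason)  # keep earliest sighting
    return [(ts, s, d, r) for (s, d), (ts, r) in sorted(alerts.items())]
```

A `no-ssh-history` alert is the case described in the article: a client that reaches the device for other services but has never used SSH. A `new-peer` alert marks a known SSH client connecting to a device it has not managed before.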