
Cisco Bug That Gives Remote Hackers Administrative Privileges Discovered

A dangerous bug affecting the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been found. According to Threat Post, Steven Van Loo of hIQkru uncovered the flaw.

Cisco has issued a patch for the bug: Cisco Smart Software Manager On-Prem release 7-202001. The vulnerability is tracked as CVE-2020-3158.

The vulnerability only affects systems with the HA feature enabled, which is good news because that setting is not enabled by default. Also, while attackers would gain access to a sensitive portion of the system, they would not get full administrative rights to control the device.

Yet, as Cisco points out:

“[it] could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.

“A successful exploit could allow the attacker to obtain read-and-write access to system data, including the configuration of an affected device.”


As Threat Post also notes, Cisco Smart Software Manager On-Prem Base is used to manage a customer's or partner's product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organization purchases and consumes.

It is therefore commonly used by financial institutions, utilities, service providers and government organizations: customers with strict security requirements, or customers who do not want their products to communicate with the central licensing database on Smart Software Manager over a direct Internet connection.

Cisco bug issue
Cisco develops, manufactures and sells networking hardware, software and telecommunications equipment.

The flaw is a static, default password that remote attackers could use to take control of the High Availability service. This is possible even if the platform has no Internet connection.

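As an added example (not from the article, and not Cisco's own tooling), the following Python script triages an inventory of SSM On-Prem appliances against the two preconditions the article gives: a release earlier than the fixed 7-202001, and HA enabled. The release-string format (major-YYYYMM), the hostnames and the releases in the sample inventory are assumptions.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Fixed release named in the advisory (from the article). Releases earlier
# than this, with HA enabled, are exposed to CVE-2020-3158.
FIXED_RELEASE = "7-202001"

class Appliance(NamedTuple):
    name: str
    release: str      # assumed format: major "-" YYYYMM, e.g. "7-201910"
    ha_enabled: bool  # HA is off by default, per the article

_RELEASE_RE = re.compile(r"^(\d+)-(\d{6})$")

def parse_release(release: str) -> Optional[Tuple[int, int]]:
    """Parse '7-202001' into (7, 202001); None if the string is malformed."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))

def assess(appliance: Appliance) -> str:
    """Return 'exposed', 'patched', 'ha-disabled' or 'unknown-release'."""
    parsed = parse_release(appliance.release)
    if parsed is None:
        return "unknown-release"   # unparseable inventory data needs manual review
    if parsed >= parse_release(FIXED_RELEASE):
        return "patched"
    if not appliance.ha_enabled:
        return "ha-disabled"       # vulnerable code present, but the HA precondition is absent
    return "exposed"

# Constructed sample inventory; hostnames and releases are made up.
SAMPLE_INVENTORY = [
    Appliance("ssm-onprem-01", "7-201910", True),
    Appliance("ssm-onprem-02", "7-201910", False),
    Appliance("ssm-onprem-03", "7-202001", True),
    Appliance("ssm-onprem-04", "7.2019.10", True),
]

def triage(inventory):
    """Map each appliance name to its assessment."""
    return {a.name: assess(a) for a in inventory}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Appliances reported as ha-disabled still run the vulnerable release and should be patched before HA is ever turned on.
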
Experts have criticised this neglect of basic security. Chris Hass, director of information security and research at Automox, told Threat Post:

“… to see manufacturers and critical service providers continue to ignore the basics of cyber-hygiene is disappointing.”

2020 seems like the year of security fixes. Yet it is troubling to see how many weaknesses exist on widely used platforms; the hack of many Twitter accounts readily comes to mind.

Are users safe enough, or is their privacy regularly at stake? Such questions will surely keep developers on their toes to fix loose ends.


Onwuasoanya Obinna

A reader of books and stringer of words. Passionate about Science and Tech. When not writing or reading he is surfing the web and Tweeting.
