Cisco, the networking and security hardware manufacturer, has been hit with its fifth major backdoor vulnerability in five months, this time in Cisco Policy Suite. Cisco Policy Suite is a policy-control platform that Cisco sells to service providers and enterprises: it lets the operator manage, restrict and monitor how customers and employees use the network, by inspecting user sessions and collecting data about users' online activity. That data is reachable from a central administrative point controlled by the operating company, and the company's internet-use policies, such as blocking certain websites, are enforced through the same system. Cisco builds these intrusive monitoring capabilities in deliberately, so that a corporation can observe its network completely and efficiently. The flip side is that anyone who compromises administrator credentials, or otherwise gets into that control plane, inherits the same power: full visibility into users' activity and the ability to rewrite the policies that govern them. That is exactly the exposure behind CVE-2018-0375 (Cisco bug ID CSCvh02680), which carries a CVSS base score of 9.8 out of a possible 10, in the Critical range. The vulnerability was found during internal security testing by Cisco.
Cisco published its advisory on 18 July 2018 at 16:00 GMT under the identifier "cisco-sa-20180718-policy-cm-default-psswrd." The summary explains that the vulnerability exists in the Cluster Manager of Cisco Policy Suite releases prior to 18.2.0 and could allow an unauthenticated, remote attacker to log in to an affected system as root. The root account ships with undocumented, static default credentials; an attacker who knows them can simply log in with them and control the system, and the network policy it administers, with full root privileges.
Cisco stated that there are no workarounds for this vulnerability; the only remedy is the fix, which Cisco released free of charge in Cisco Policy Suite release 18.2.0, and all customers were urged to upgrade their deployments to that release. On the same day Cisco also published advisories for 24 other vulnerabilities and bugs in other products, including the Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities and the Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability. Those are separate fixes for separate products, not part of the 18.2.0 release.
To confirm whether a deployment is affected, administrators can run the about.sh command in the CPS CLI; its output reports the release that is running, including whether any patches have been applied. Any Cluster Manager running a release earlier than 18.2.0 is vulnerable. Note that the flaw lives in the Cluster Manager itself, not in the mobile phones, tablets, laptops or other endpoints whose traffic the suite polices; those devices need no update, but every Cisco Policy Suite installation that manages them does.
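As an added example, not code from Cisco's advisory or from the original article, the shell script below takes about.sh-style output and decides whether the reported release predates the 18.2.0 fix. The sample output lines are constructed, since the exact format printed by about.sh is not given here, and the release is compared component by component so that a release such as 18.10.0 is not misjudged as older than 18.2.0 the way a plain string comparison would.

```sh
#!/bin/sh
# Added example, not Cisco code. Decide whether a Cisco Policy Suite release
# string predates 18.2.0, the release that fixes CVE-2018-0375.
# The about.sh output format below is CONSTRUCTED for illustration; real output
# may differ, so adjust cps_version_from_about() to match what your CLI prints.

FIXED_RELEASE="18.2.0"

# Constructed sample outputs standing in for `about.sh` on two different hosts.
CPS_OLD_ABOUT='Cisco Policy Suite Cluster Manager
Release version: 18.1.0
Patch level: none'

CPS_FIXED_ABOUT='Cisco Policy Suite Cluster Manager
Release version: 18.2.0
Patch level: none'

# Pull the first dotted version number (e.g. 18.1.0) out of about.sh output.
cps_version_from_about() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_lt A B: exit 0 if A is strictly older than B, else 1.
# Each dotted component is compared numerically, so 18.10.0 > 18.2.0, and a
# missing trailing component counts as 0 (18.2 equals 18.2.0).
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}
        bi=${b%%.*}
        ai=${ai:-0}
        bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
        case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 1
}

# cps_status OUTPUT: print "vulnerable", "fixed" or "unknown" for the
# about.sh output passed as the single argument.
cps_status() {
    ver=$(cps_version_from_about "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_RELEASE"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Stand-alone demonstration on the constructed samples.
echo "old host:   $(cps_status "$CPS_OLD_ABOUT")"
echo "fixed host: $(cps_status "$CPS_FIXED_ABOUT")"
# On a real Cluster Manager the assumed invocation would be: cps_status "$(about.sh)"
```

Running this on a Cluster Manager would substitute the real about.sh output for the constructed strings; the only part that may need adapting is the regular expression that picks the version out of the text.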