Reference: CERT-EU Security Advisory 2014-015

Title: Cisco UCS Director Default Credentials Vulnerability [1]

Version history:
19.02.2014 Initial publication

Summary
=======
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

CVE numbers: CVE-2014-0709

Vulnerable systems
==================
Cisco UCS Director Software versions prior to Cisco UCS Director Release 4.0.0.3 HOTFIX are affected by this vulnerability.

Original Details
================
The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system.

What can you do?
================
There is a patch. [1]

What to tell your users?
========================
N/A

More information
================
[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd

Best regards,
CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383