Cisco has published security updates to address serious vulnerabilities that allow unauthenticated attackers to take control of unpatched devices using hard-coded passwords or default SSH keys.
CISA also advised users and administrators today to review Cisco's advisory and apply all required updates to block attempts to take control of vulnerable systems.
The first of the two problems addressed on Wednesday (CVE-2021-34795) was discovered in the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT).
This issue can be exploited only by establishing a Telnet session with susceptible devices and logging in using the hard-coded credential. Because Telnet is not enabled by default on impacted devices, the number of targets that threat actors may attack is severely limited.
CGP-ONT-1P, CGP-ONT-4P, CGP-ONT-4PV, CGP-ONT-4PVC, and CGP-ONT-4TVCW Catalyst PON switches are among those impacted. According to Cisco, CVE-2021-34795 does not affect Catalyst PON Switch CGP-OLT-8T and Catalyst PON Switch CGP-OLT-16T.
The re-use of static SSH keys across Cisco Policy Suite installations is the source of the second serious security vulnerability addressed yesterday. It is listed as CVE-2021-40119.
Cisco explains that a vulnerability in Cisco Policy Suite's key-based SSH authentication mechanism could allow a remote, unauthenticated attacker to log in as the root user on an affected system.
Cisco Policy Suite software versions 21.2.0 and later automatically generate new SSH keys during the installation process, but not during upgrades.
You can use the methods described in the Fixed Releases section of Cisco's advisory to create new SSH keys and distribute them to all machines.
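Because upgrades keep the existing keys, it is worth confirming afterwards that no two installations still share one. The following is an added example, not Cisco's procedure or code: it fingerprints public key lines gathered from each installation and reports any key present on more than one host. The host names, the inventory and the keys are constructed for the demonstration.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of one public key line, else None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # skip any leading options
        if not field.startswith(("ssh-", "ecdsa-", "sk-")):
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # A real key blob starts with a length-prefixed copy of the key type.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] != field.encode():
            continue
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def find_reused(inventory):
    """Return {fingerprint: [hosts]} for keys seen on more than one host."""
    seen = defaultdict(set)
    for host, text in inventory.items():
        for line in text.splitlines():
            if line.strip() and not line.lstrip().startswith("#"):
                fp = fingerprint(line)
                if fp:
                    seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def sample_key(seed):
    """Constructed (not real) ssh-ed25519 public key line for the demo."""
    ktype, raw = b"ssh-ed25519", hashlib.sha256(seed.encode()).digest()
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in (ktype, raw))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@" + seed

SHARED = sample_key("image-default")  # key left unchanged by an upgrade
INVENTORY = {  # constructed host names and key files
    "site-a": "# upgraded in place\n" + SHARED + "\n",
    "site-b": 'from="10.0.0.0/8" ' + SHARED + "\n",
    "site-c": sample_key("site-c-fresh") + "\n",
}

if __name__ == "__main__":
    for fp, hosts in find_reused(INVENTORY).items():
        print(f"key {fp} is shared by: {', '.join(hosts)}")
```

The fingerprints use the same SHA256 format that `ssh-keygen -lf` prints, so a reported key can be matched against what is on each host.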
As per Cisco’s Product Security Incident Response Team (PSIRT), no public proof-of-concept attack code for these two vulnerabilities is accessible online. The company is unaware of any current exploitation in the wild.