14 DAY TRIAL // Cisco has published an advisory – which was picked up by the United States Computer Emergency Readiness Team (US-CERT) – to warn customers of a default credentials vulnerability in the company’s TelePresence System.
According to Cisco, at installation time, a default TelePresence password recovery account is created. This account has default credentials that can be leveraged by a remote attacker to gain access to the web server with administrative privileges.
“Cisco TelePresence System Series 500, 13X0, 1X00, 3X00, and 30X0 running CiscoTelePresence System Software Releases 1.10.1 and prior are affected by this vulnerability. Cisco TelePresence TX 9X00 Series running Cisco TelePresence System Software Releases 6.0.3 and prior are affected by this vulnerability,” Cisco warns.
Other products might also be impacted.
A permanent software patch will be made available at a later date. In the meantime, Cisco advises customers to apply a workaround described in the security advisory.