Critical Vulnerabilities in Cisco Devices

Overview

Cisco has patched 2 vulnerabilities that would allow a remote attacker to log in to their devices using default credentials.
This follows multiple severe Denial of Service vulnerabilities reported last week.

A default, static password in some Cisco Catalyst PON series devices (CVE-2021-34795) could allow a remote attacker to log in if the Telnet service has been manually enabled.

A reused SSH key (CVE-2021-40119) would allow a remote attacker with a copy of the key to log in to an affected device as a root user.

Impact

A remote attacker can take control of some network devices.

A remote attacker can cause a Denial of Service in some network devices.

An authenticated FTD user could execute commands on the device with root privileges.

Affected Products

Cisco Policy Suite

  • Catalyst PON Switch CGP-ONT-1P
  • Catalyst PON Switch CGP-ONT-4P
  • Catalyst PON Switch CGP-ONT-4PV
  • Catalyst PON Switch CGP-ONT-4PVC
  • Catalyst PON Switch CGP-ONT-4TVCW

Containment, Mitigations & Remediations

Cisco have released advice on how to regenerate the SSH key.
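
As an added example (not taken from Cisco's advisory or from this bulletin), one way to confirm after regeneration that no root key is still shared between installations is to fingerprint each host's authorized_keys entries and flag any fingerprint seen on more than one host. It assumes the root account's authorized_keys files have already been collected; the host names and key blobs below are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield the fingerprint of each key line, skipping comments and junk."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options (e.g. no-pty,command="...") may precede the key type.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                try:
                    fp = fingerprint(fields[i + 1])
                except ValueError:
                    continue  # not valid base64, keep scanning this line
                yield fp
                break

def find_reused_keys(collected):
    """Return {fingerprint: [hosts]} for keys authorized on more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, text in collected.items():
        for fp in parse_authorized_keys(text):
            hosts_by_fp[fp].add(host)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}

def _blob(label):
    # Constructed placeholder blob, not a real SSH key.
    return base64.b64encode(label.encode()).decode()

SHARED, UNIQUE = _blob("constructed-shared-key"), _blob("constructed-unique-key")
SAMPLE = {  # constructed input: hypothetical hosts and their root authorized_keys
    "host-a.example": f"# root keys\nssh-rsa {SHARED} root@image\n",
    "host-b.example": f'no-pty,command="/bin/true" ssh-rsa {SHARED} installer\n',
    "host-c.example": f"ssh-ed25519 {UNIQUE} root@host-c\nssh-rsa not*base64 x\n",
}

if __name__ == "__main__":
    for fp, hosts in find_reused_keys(SAMPLE).items():
        print(f"{fp} shared by {', '.join(hosts)}")
```

Any fingerprint reported by more than one host marks a key that should be regenerated on those hosts.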

Indicators of Compromise

None known.

Threat Landscape

Cisco’s PSIRT say there’s no PoC available online for the remote login attacks and no evidence of ongoing exploitation. However, the root SSH key can be extracted from a device, so it won’t be long until this is being used by criminals.

MITRE Methodologies

T1190 – Exploit Public-Facing Application

Further Information

Cisco Catalyst PON Series Switches ONT Vulnerabilities

Cisco Policy Suite Static SSH Keys Vulnerability

Multiple Severe Vulnerabilities in Cisco Products

Cisco Security Advisories