Cisco shares tricks to spot exploitation: Cisco said in the advisory that it hasn’t observed any exploitation in the wild, but it has provided a method for customers to detect compromises. Successful logins via the root account would leave traces in system logs located at ‘/var/log/active/syslog/secure’, it said.The advisory even included an example log snippet to show what an attacker’s SSH session might look like.The company said the exploit doesn’t require any device configuration, and no workaround is available to mitigate the risk apart from upgrading. Customers without a service contract can still request the fix, provided they can share their device’s serial number and a link to the advisory.The flaw, which was found during an internal security testing, is the second max-severity bug Cisco reported within a week, the first being an insufficient input validation flaw affecting Cisco’s identity and access control platforms, allowing RCE as root user.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4016769/hardcoded-root-credentials-in-cisco-unified-cm-trigger-max-severity-alert.html
