Cisco release updates fixing the default SSH key and hard-coded credentials issues

On 4^th Nov 2021, two critical vulnerabilities that allowed unauthenticated attackers to log in to affected devices using default SSH keys or using hard-coded credentials was fixed by cisco.

The first vulnerability tracked as CVE-2021-34795 is on Cisco Catalyst PON Series Switches.

The published advisory mentioned the following on the vulnerability “Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:

Log in with a default credential if the Telnet protocol is enabled
Perform command injection
Modify the configuration”

Cisco products affect by this vulnerability are:

Catalyst PON Switch CGP-ONT-1P
Catalyst PON Switch CGP-ONT-4P
Catalyst PON Switch CGP-ONT-4PV
Catalyst PON Switch CGP-ONT-4PVC
Catalyst PON Switch CGP-ONT-4TVCW

The second vulnerability tracked as CVE-2021-40119 is on Cisco Policy Suite.

“A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user.” the company explain in the advisory.

Product Security Incident Response Team (PSIRT) of Cisco say that currently there is no public proof-of-concept exploit code available and no ongoing exploitation in the wild.

Impact

Allow an unauthenticated, remote attacker to perform a command injection attack against an affected device.

Remediate

Users are advised to update the necessary patches.

Reference