Cisco's Prime Collaboration Provisioning (PCP) software has a hardcoded password that could be used by an attacker to gain full control of a system. The company even says that "extenuating circumstances" exist that could enable an attacker to elevate privileges to root.
The vulnerability (CVE-2018-0141) affects version 11.6 of the software. A patch has been made available, and users are encouraged to install it as soon as possible as there are no other workarounds.
Cisco explains that the problem is fixed in Prime Collaboration Provisioning Software Releases 12.1 and later, and says that it was detected during "internal security testing." It is the second critical vulnerability found in the company's software recently, and the Cisco advisory and alert page lists a raft of medium impact vulnerabilities that were revealed yesterday as well.
In a security advisory posted on its website, Cisco says of the Prime Collaboration Provisioning vulnerability:
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software could allow an unauthenticated, local attacker to log in to the underlying Linux operating system.
The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device.
It goes on:
Note: Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.