Cisco leaves key to all its Unified CDM systems under doormat

Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote attackers.

The Cisco Unified CDM is part of the Cisco Hosted Collaboration System and provides automation and administrative functions for the Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Jabber applications, associated phones and software clients.

The privileged account is created when Unified CDM is first installed and cannot be changed or removed without affecting the system’s functionality—although exactly how, Cisco didn’t say in its security advisory. The only solution, the company said, is to install the patches it released.

Network World Security