Cisco is a name synonymous with the best, most robust networking devices out there, but even they can slip up from time to time. Slipping up is accidental and unintentional, but lazy is something else. Whether putting a default password in a network data collection tool, especially in today’s security-conscious atmosphere, can be considered lazy is a matter of relative judgement.
Nowadays, tools such as the Cisco Common Service Platform Collector (CSPC) are supposed to ask for what should be the admin password upon installation (which it does), or the provider (such as Cisco) grants the registration key for the software after the system admin is registered.
Unfortunately, the Cisco Common Service Platform Collector came with what could be considered a backdoor password. While some admins would appreciate this little ‘feature’ (people tend to forget passwords), in a perfect world, a default, static ‘hardcoded’ password shouldn’t exist.
It is something better appreciated by malicious adversaries, who can use it to gain plenty of information on a network’s Cisco devices. Below is a detailed description of the tool from Cisco’s own CSPC Getting Started Guide.
“The Cisco Common Service Platform Collector (CSPC) is an SNMP-based tool that discovers and collects information from the Cisco devices installed on your network.
The CSPC software provides an extensive collection mechanism to gather various aspects of customer device data. Information gathered by the collector is used by several Cisco Service offers, such as Smart Net Total Care, Partner Support Service, and Business Critical Services.
The data is used to provide inventory reports, product alerts, configuration best practices, technical service coverage, lifecycle information, and many other detailed reports and analytics for both the hardware and operating system (OS) software.”
While this password bug does not grant administrator privileges to remote attackers, the tool could give them the information they need to do so, or cause some heavy damage.
“…The vulnerability exists because the affected software has a user account with a default, static password… An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account.”
Fortunately, as of this writing, Cisco has already issued patches for this vulnerability.