Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Cisco Unified Communications Domain Manager Update - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Unified Communications Domain Manager Update

Yet another round of patches, this time for Cisco's Unified Communications Domain Manager [1].

The vulnerability that is probably going to be exploited first is the backdoor Cisco left behind for support access. In order to provide Cisco support with access to customer equipment, the company felt it was a great idea to equip all instances with the same SSH key. 

Having the same key on all systems is mistake number one, but wouldn't be fatal if the secret key would have been tugged away in Cisco's special safedeposit box. Instead, they left the secret key on customer systems as well. So in other words: If you own one of the systems, you got the key to access all of them.

Filtering SSH access to the device at your border is a good first step to protect yourself if you can't patch right away.


Johannes B. Ullrich, Ph.D.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022


4510 Posts
ISC Handler
Jul 2nd 2014

Sign Up for Free or Log In to start participating in the conversation!