Hard-coded root credentials create a backdoor in Cisco’s Unified CM software
Cisco patched a maximum-severity flaw in Unified Communications Manager and its SME edition after discovering immutable, development-only root credentials that allow unauthenticated remote login and full command execution. A standalone patch file is available now, and the fix will be built into the upcoming 15SU3 release; there are no workarounds, so administrators should apply updates immediately and audit their system logs for unexpected root logins. The company also released updates for three medium-severity bugs in its Spaces Connector, Enterprise Chat and Email, and BroadWorks platforms.
Read more:
https://www.securityweek.com/cisco-warns-of-hardcoded-credentials-in-enterprise-software/