Hardcoded password in Cisco software could be used to gain control of systems

Cisco's Prime Collaboration Provisioning (PCP) software has a hardcoded password that could be used by an attacker to gain full control of a system. The company even says that "extenuating circumstances" exist that could enable an attacker to elevate privileges to root. The vulnerability (CVE-2018-0141) affects version 11.6 of the software. A patch has been made available, and users are encouraged to install it as soon as possible as there no other workarounds. Cisco explains that the problem is fixed in Prime Collaboration Provisioning Software Releases 12.1 and later, and says that it was detected during "internal security testing." It… [Continue Reading]