SSH Key Vulnerability in Cisco Unified Communications Domain Manager Software
CVE-2014-2198

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Domain Manager; Unified Cdm Platform Software
Vendor: CVE Published:; 7 July 2014

Summary

The Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software versions prior to 4.4.2 is affected by a significant security issue due to a hardcoded SSH private key. This vulnerability allows remote attackers to gain unauthorized access to both support and root accounts by extracting the private key from a binary file located in a different installation of the product. Such access can lead to potential compromise of sensitive data and unauthorized control over communications systems.

References

http://secunia.com/advisories/59544

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/68334

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1030515

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Feb 25, 2014