Cisco Fixes Hard-coded Credentials, SSH Key Issues

Share post:

Cisco recently released a security update to address two critical vulnerabilities: CVE-2021-34795 which allows attackers to gain access with hard-coded credentials, and CVE-2021-40119 which uses default SSH keys to take over unpatched devices.

The first vulnerability has been found in Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) and may allow a remote attacker to login to the affected device via a debugging account with a default, static password.”

However, the vulnerability is limited in that it can only be exploited by creating a Telnet session with vulnerable devices. Since Telnet is not enabled by default, the number of targets that a threat actor could attack is therefore limited.

The second vulnerability is caused by the re-use of static SSH keys in Cisco Policy Suite installations, allowing a remote attacker to log in to an affected system as the root user.

Cisco’s new software updates automatically generate new SSH keys during installation to address the vulnerability.

For more information, read the original story in Bleeping Computer.


Related articles

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways