nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

LDAP snafu in Cisco Prime

By Richard Chirgwin, 29 Jun 2016

Sysadmins using LDAP for Cisco Prime Collaboration Provisioning have an urgent patch to deal with, and Cisco Firepower users need to get rid of a just-discovered default account.

The critical-rated vulnerability can allow a remote attacker to bypass authentication and get full administrative privileges.

The bug in LDAP authentication affects Cisco Prime Collaboration Provisioning software version 10.6 with Service Pack 2 (SP2). A patch has already hit Cisco's software centre.

The other important security bug-fix just released affects the company's Firepower System Software Release 6.0 running on a variety of appliances.

At installation, the buggy release creates a default account with hard-coded credentials. While it's not an admin-level account, Cisco says a local or remote attacker gets access to enough CLI commands to compromise the device. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing