1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Cisco warns of a serious security flaw in comms platform - and th

    From TechnologyDaily@1337:1/100 to All on Thursday, July 03, 2025 10:15:08
    Cisco warns of a serious security flaw in comms platform - and that it needs patching immediately

    Date:
    Thu, 03 Jul 2025 09:09:19 +0000

    Description:
    Researchers found hardcoded credentials for an admin granting root access.

    FULL STORY ======================================================================Login credentials for an account with root access was found in Cisco's Unified Communications Manager There are no workarounds, just a patch, so users
    should update now Different versions of the tool are affected

    Another hardcoded credential for admin access has been discovered in a major software application - this time around its Cisco, who discovered the slip-up in its Unified Communications Manager (Unified CM) solution.

    Cisco Unified CM is an enterprise-grade IP telephony call control platform providing voice, video, messaging, mobility, and presence services. It
    manages voice-over-IP ( VoIP ) calls, and allows for the management of tasks such as user/device provisioning, voicemail integration, conferencing, and more.

    Recently, Cisco found login credentials coded into the program, allowing for access with root privileges. The bug is now tracked as CVE-2025-20309, and
    was given a maximum severity score - 10/10 (critical). The credentials were apparently used during development and testing, and should have been removed before the product was shipped to the market.

    Get 55% off Incogni's Data Removal service with code TECHRADAR

    Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
    and protect your privacy from unwanted spam and scam calls. View Deal No evidence of abuse

    Cisco Unified CM and Unified CM SME Engineering Special (ES) releases 15.0.1.13010-1 through 15.0.1.13017-1 were said to be affected, regardless of the device configuration. There are no workarounds or mitigations, and the only way to address it is to upgrade the program to version 15SU3 (July
    2025).

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and
    Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted," Cisco said.

    At press time, there was no evidence of abuse in the wild.

    Hardcoded credentials are one of the more common causes of system infiltrations. Just recently Sitecore Experience Platform, an
    enterprise-level content management system (CMS), held a hardcoded password for an internal user. It was just one letter - b - which was super easy to guess.

    Roughly a year ago, security researchers from Horizon3.ai found hardcoded credentials in SolarWinds Web Help Desk.

    Via BleepingComputer You might also like New Chrome flaw leaks sensitive information across websites - your data could already be in the wrong hands Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisco-warns-of-a-serious-security-flaw- in-comms-platform-and-that-it-needs-patching-immediately


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)