Vulnslist


Cisco Mobility Services Engine Static Credential Vulnerability

Advisory ID: cisco-sa-20151104-mse-cred · Severity: High

A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an unauthenticated, remote attacker to log in to the MSE with the default oracle account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. A successful exploit could allow the attacker to log in to the MSE using the default oracle account. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred

Workarounds

The following is a workaround to disable SSH login for the oracle user account on the MSE:

1. Log in to the MSE as user root.

2. Edit the file /etc/ssh/sshd_config via a text editor.

3. Navigate to the bottom of the file and add the following line:

       DenyUsers oracle

   This instructs the SSH service to not allow SSH logins for the oracle user.

   Note: This change only takes effect after the SSH service is restarted.

4. Save the updated /etc/ssh/sshd_config file.

5. Restart the SSH service with the service sshd restart command.

6. To verify that the workaround is properly configured, attempt an SSH login to the MSE as the oracle user. This login attempt should fail with the error .

       ssh -l oracle

   Try an SSH login to the MSE as the root user. This login attempt should succeed.

       ssh -l root

Note: This workaround configuration is persistent and only needs to be applied once.
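The workaround above, scripted as an added example (this is not Cisco's own tooling): it appends DenyUsers oracle to the bottom of sshd_config only when no uncommented DenyUsers line already names that user, so running it twice does not stack duplicate lines, and it checks that sshd still parses the edited file before restarting the service so a typo cannot lock out root. The function names, the --apply flag and the constructed sample configuration used to exercise it are assumptions; it assumes the MSE shell provides grep -E, sshd and the service command.

```shell
#!/bin/sh
# Added example, not Cisco's own script: apply the "DenyUsers oracle"
# workaround from the advisory idempotently and check the result.
# Function names and the --apply flag are assumptions made here.

# deny_user_present CONFIG USER
# Exit 0 if an uncommented DenyUsers line in CONFIG lists USER as a whole
# word. DenyUsers takes a space-separated list, so "oracledb" must not
# count as "oracle" and a commented-out line must not count at all.
deny_user_present() {
    config="$1"
    user="$2"
    grep -Eq '^[[:space:]]*DenyUsers([[:space:]]+[^[:space:]]+)*[[:space:]]+'"$user"'([[:space:]]|$)' \
        "$config" 2>/dev/null
}

# ensure_deny_user CONFIG USER
# Append "DenyUsers USER" to the bottom of CONFIG (step 3 of the workaround)
# unless the user is already denied; safe to run more than once.
ensure_deny_user() {
    config="$1"
    user="$2"
    if deny_user_present "$config" "$user"; then
        return 0
    fi
    printf 'DenyUsers %s\n' "$user" >> "$config"
}

# apply_workaround CONFIG USER
# Full sequence from the advisory: edit the file, confirm sshd still
# accepts it, then restart the SSH service so the change takes effect.
apply_workaround() {
    config="$1"
    user="$2"
    ensure_deny_user "$config" "$user" || return 1
    # sshd -t exits non-zero if the edited file is not a valid configuration;
    # refuse to restart on a broken file so SSH access to root is not lost.
    sshd -t -f "$config" || return 1
    service sshd restart
}

# Only touch the live system when explicitly asked (assumed flag);
# without it the functions are merely defined, which keeps the file safe
# to source for testing.
if [ "${1:-}" = "--apply" ]; then
    apply_workaround /etc/ssh/sshd_config oracle
fi
```

Run it as root on the MSE with --apply. Step 6 of the workaround is still done by hand from another host: an SSH login as oracle must be refused and a login as root must still succeed.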

CVEs: CVE-2015-6316
Cisco Bug IDs: CSCuv40501
CVSS Score: Base 6.5
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C
Product Names From Source: Cisco Mobility Services Engine

Related Products

Product                         CVE            Evidence
Cisco Mobility Services Engine  CVE-2015-6316  Cisco OpenVuln