Cisco TelePresence System Default Root Account Security Vulnerability

Release date: 2011-11-10
Updated on: 2011-11-11

Affected Systems:
Cisco TelePresence Systems (CTS)
Description:
--------------------------------------------------------------------------------
Cisco TelePresence is a Cisco TelePresence solution that collaborates with colleagues, partners, and customers around the world in a timely manner.

Cisco TelePresence has multiple implementation vulnerabilities that can be exploited by malicious users to control the affected systems.

This vulnerability is caused by an enabled root user account with a default password on the device. It is disabled ("off") in settings and can be exploited to obtain the administrator access permission of the device.

<* Source: vendor

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111109-telepresence-
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20111109-telepresence-c-ex-series) and patches for this:

Cisco-sa-20111109-telepresence-c-ex-series: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111109-telepresence-