#VU13222 Information disclosure (backdoor) in Cisco Wide Area Application Services
Vulnerability identifier: #VU13222
Vulnerability risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-798
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Wide Area Application Services
Server applications /
Other server solutions
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information the target system.
The vulnerability exists in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. A remote attacker can use a backdoor account and the static community string in SNMP version 2c queries and read any data that is accessible via SNMP.
Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config').
Mitigation
The vulnerability is addressed in the following versions: 6.4(3.46), 6.4(1b)15, 6.2(3e)31.
Vulnerable software versions
Cisco Wide Area Application Services: 6.2.3 - 6.4.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
