Cisco has patched two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys.
The first flaw fixed by the IT giant, tracked as CVE-2021-34795, affects the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT).
“Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions:
- Log in with a default credential if the Telnet protocol is enabled
- Perform command injection
- Modify the configuration
A remote attacker can exploit the flaw in the Telnet service of Cisco Catalyst PON Series Switches ONT to log in to the affected device by using a debugging account with a hardcoded password.
The Telnet service is not enabled by default and the issue could be exploited only on devices configured to allow Telnet connections.
The vulnerability received a CVSS score of 10/10, it affects the following Catalyst PON switches:
Catalyst PON Switch CGP-OLT-8T and Catalyst PON Switch CGP-OLT-16T are not affected.
The second critical vulnerability, tracked as CVE-2021-40119, resides in the key-based SSH authentication mechanism of Cisco Policy Suite.
This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user.
Cisco Policy Suite software releases 21.2.0 and later will automatically create new SSH keys during the install process but not during upgrades.
To generate new SSH keys and propagate them to all machines, you can use the steps detailed in the Fixed Releases section of Cisco’s advisory and these Vulnerabilities are not exploited in the wild.