-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3087
            Cisco Prime Collaboration Assurance Default Account
                         Credential Vulnerability
                             10 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Prime Collaboration Assurance
Publisher:         Cisco Systems
Operating System:  VMware ESX Server
                   Cisco
Impact/Access:     Unauthorised Access -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-6389  

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability

Advisory ID: cisco-sa-20151209-pca

Revision 1.0

For Public Release  2015 December 9 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to log in to the system shell with the default cmuser user account and access the shell with a limited set of permissions.

The vulnerability is due to an undocumented account that has a default and static password. This account is created during installation and cannot be changed or deleted without impacting the functionality of the system. The first time this account is used the system will request that the user change the default password.

An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH by using the undocumented account. Successful exploitation could allow the attacker to access the system with the privileges of the cmuser user. This vulnerability allows the attacker to: access some sensitive data, such as the password file, system logs, and Cisco PCA database information; modify some data; run some internal executables; and potentially make the system unstable or inaccessible.

Cisco has released software updates that address this vulnerability. Workarounds are available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWaCspAAoJEIpI1I6i1Mx3z2MP/381uF5+mIQ0mw/T3wLa3BIF
q+N8NG6ZlIZuQS8gtKwI9Ywl2K1GKgyyPdugsZ4lLli0Trp2tX7V8VoifX2vFGD4
nHk7/vEAVCQ8p3SZtO13ObgHOYVfAYjtm2ijSxEZYbcsM21zMnV9551edr1XCgNp
MbIoUnhWzepO3ps6neirtN5ye7np7iPXiGrH98tAW6OxCZ16VOEp6tQPEzyXTHRz
8cS466q/xiltGiknANP/R4IY1L7vVAF8+mksJaFpjXsr6jBHhDFBCic1kPkJSUno
SWfDz8vCu9DfzraaR4/x9madU5qcZRElpJUPsH0LKFAdGTSD80OiYpHbK9HcdoWI
KafzzlNnA5iocE4I3vrxEG/hCwwbjj47XMY7mlVW46MJeopzoA71t7jF9KFpyJJs
xsz9rORMXcswU46ZC+rwDiUTBBpreOJJCe8WCLzhepn1LRrJyvmTSQqzHTcpK2xA
JNos6kMSU1xWIJe2J/7hqKU5VbPXGHuARI4wpatzGsSFLS9THCxrcBj43Gfd8zo/
PLR4ipJVenbBRQjEpxPTGDUltkMrdmB84iN8mB2IcfkrUXfMR6hRZijhRwcq2cVu
iByoDe9Zn5H5pYbSMUXM2cNVGf+AuNYFB/CUoULC5JrKMq+1JUt4lsyL1NIC5JeR
HfD0Xf/4bKhC8z2kBLAe
=O1HB
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVmkE5X6ZAP0PgtI9AQJ8KA//R5f0jeoKohTxpYW6uLS/kv7FG1m9OH7L
fZVkgnth7vot9RGNUnEfm2KGgOSJPv0sNTVXHSm7pdbv/bzvGKlSrOqldZZU0jKC
+6ey0GPm/af82I1Ht6Mh+gQt+tHoGpQftlZN0UiCTuywXujIQRBePS3QIBGLbLAb
mZlXNP1HhY1mNqTS6u/dWzHftfsBg2rU+TNpcoTFJ2ORVFdz2PF7RZp8guFj8IoC
p7kWL5PYZYdIQ3TIaguQfLn4pOfN3bfpwPq3tLA0PkjtU9qJ07lavzIfZK1JNx3c
YHFQRVz6QhT297+FdbDWDvcqipW9Np3bjxnK5f7fhX4lnIh9O4evRcrM1w7QmDUC
9BlLA4kbJCEF/INpLWC8WM0gFD47MUT3yxKXq5GTiiHQPXh/tO9RNsLDGPdnOuNN
GusUi0GH87S63F6udJxsMLPNnMvaOZmfp8sEpnEfqenjImB71ivvBnSKYy16bItb
Nw9H2edFD6JZdRhvPXcB7mEH72h/7vR1Mo/4FljXyOlWU5ORAYkQgdSPoN9RG1k5
DS+Th5aL6XhATtfrRBSwqoP1vRT7H4cggbNBpLyFjMd+WybRiA2aXwFG1BarC+5B
EETNx6ZI60gzjPqFS4wYIsBR200HXatIgz+dkhultpsnz6S1k4NoTDfMvRWgDsjs
2hwnNMiE1Og=
=1xZ8
-----END PGP SIGNATURE-----