CVE-2015-6412

Vulnerability

Cisco Modular Encoding Platform D9036 Software before version 02.04.70 contains hardcoded credentials for both root and guest accounts [1]. This defect exists in all prior releases and the credentials are embedded in the firmware, making them available to anyone who can authenticate via SSH [1]. No special configuration is required beyond having the SSH service enabled (the default) [1].

Exploitation

A remote attacker can simply connect to the device over SSH and log in using either of the hardcoded passwords [1]. No prior authentication, user interaction, or network position other than IP connectivity is required [1]. The attacker does not need any special privileges or access to the device's management interface [1].

Impact

Successful exploitation grants the attacker full administrative access (root) or limited (guest) access to the D9036 encoder [1]. With root privileges, the attacker can read, modify, or delete all configuration data; install malicious firmware; intercept or manipulate encoded video streams; and potentially pivot to other devices on the same network [1]. This constitutes a complete compromise of confidentiality, integrity, and availability [1].

Mitigation

Cisco released fixed software version 02.04.70 to address this vulnerability [1]. Customers with a valid service contract should upgrade to this or a later version through the Cisco Software Center [1]. Those without a service contract should contact the Cisco TAC to obtain the fixed release [1]. There is no workaround that removes the hardcoded credentials; the only remediating action is upgrading to the patched version [1].