Three Unpatched Bugs Spotted in Third-Party Provisioning Platform


Researchers at Rapid7 have uncovered three serious security flaws in Akkadian Provisioning Manager, a third-party provisioning tool used within Cisco Unified Communications (UC) environments. The flaws can be chained together to achieve remote code execution (RCE) with elevated privileges.

Cisco's UC suite provides VoIP and online video communications across enterprise footprints. The Akkadian products are appliances typically deployed in large enterprises to automate the provisioning and configuration of all of the UC clients and use cases.

The flaws, present in version 4.50.18 of the Akkadian software, are as follows:

• CVE-2021-31579: Use of hard-coded credentials (scoring 8.2 out of 10 on the CVSS vulnerability-severity scale)

• CVE-2021-31580 and CVE-2021-31581: Improper neutralization of special elements used in an OS command (via the exec and vi commands, respectively; scoring 7.9)

• CVE-2021-31582: Exposure of sensitive information to an unauthorized actor (scoring 7.9)

Combining CVE-2021-31579 with either CVE-2021-31580 or CVE-2021-31581 allows an unauthorized adversary to obtain root-level shell access to affected appliances, according to Rapid7. From there it is straightforward to install cryptominers, keystroke loggers, persistent shells, or any other form of Linux-based malware.

CVE-2021-31582 allows an attacker who is already authenticated to the appliance to alter or delete the contents of the local MariaDB database, a free, open-source fork of the MySQL relational database management system. In some cases, attackers could recover the LDAP BIND credentials in use in the host organization, which are used to authenticate clients (and the users or applications behind them) to a directory server.

"In addition to these issues, two other questionable findings were discovered: the ability to read the cleartext local MariaDB credentials, and the inadvertent shipping of an entire GitHub repo with commit history. At the time of this writing, it's unclear if these findings present unique security issues, but they should be reviewed by the vendor," the company explained in a blog post this week.

Security recommendations for organizations 

To protect their environments, organizations should restrict network access to the SSH port (22/tcp) so that only trusted users can reach it, and disable any internet-facing connectivity, Rapid7 advised.

“Furthermore, system operators should know that, in the absence of a fix, users who have access to the Akkadian Appliance Manager effectively have root shell access to the device, due to the second and third issues,” according to the assessment. 

Rapid7 disclosed the flaws to Akkadian in February but, despite multiple follow-ups, has received no response, according to Rapid7.