Cisco Bug: CSCuw85390 - Shared Hard-coded keys present on PRIME LMS

Last Modified

Sep 12, 2019

Products (1)

  • CiscoWorks LMS Portal

Known Affected Releases

4.2(5)

Description (partial)

Symptom:
A vulnerability in Cisco Prime LMS could allow an authenticated, local attacker to decrypt and access data fields in the LMS database used to manage Cisco networks.

The vulnerability is due to the presence of a default database decryption key that is shared across all the installations of Cisco Prime LMS. A locally authenticated attacker could exploit this vulnerability by obtaining the hard-coded key and using it to connect to and decrypt all the data in the LMS database.

Conditions:
An attacker has to have a valid account on the operating system of the device on which LMS is installed and be locally connected to its console in order to obtain a default hard-coded key. This account does not have to have admin or root privileges.
By extracting a default, hard-coded key from the device file system, an attacker can further use the key to decrypt and access all the fields in the LMS database used to manage devices in the Cisco network.
Once obtained, the key can be used to access the database either locally or via a remote connection to the LMS.
 
All versions of Cisco Prime LMS are affected by this.