Cisco Bug: CSCuw85390 - Shared Hard-coded keys present on PRIME LMS
Sep 12, 2019
- CiscoWorks LMS Portal
Known Affected Releases
Symptom: A vulnerability in Cisco Prime LMS could allow an authenticated, local attacker to decrypt and access data fields in the LMS database used to manage Cisco networks. The vulnerability is due to the presence of a default database decryption key that is shared across all installations of Cisco Prime LMS. A locally authenticated attacker could exploit this vulnerability by obtaining the hard-coded key and using it to connect to the LMS database and decrypt all the data in it.
Conditions: An attacker must have a valid account on the operating system of the device on which LMS is installed and be locally connected to its console in order to obtain the default hard-coded key. This account does not need admin or root privileges. By extracting the default, hard-coded key from the device file system, an attacker can then use the key to decrypt and access all the fields in the LMS database used to manage devices in the Cisco network. Once obtained, the key can be used to access the database either locally or via a remote connection to the LMS. All versions of Cisco Prime LMS are affected by this.