Wow.
I thought all that secret backdoor stuff was just in the movies.
Cisco has warned Unified Communications installations can be remotely hijacked by miscreants, thanks to a hardwired SSH private key. In an advisory, the networking giant said unauthenticated attackers can log into its Unified Communications Domain Manager (Unified CDM) software as a root-level user by exploiting a default SSH …
SSH keys are asymmetric… there's a public and a private key.
The public key, as the name implies, is quite safe to leave lying around on foreign computers' authorized_keys files. It's the private key you must guard closely.
Surely Cisco didn't do the dimwitted thing of embedding both keys?!
"Surely Cisco didn't do the dimwitted thing of embedding both keys?!"
Signs point to yes. At a guess, the private key is embedded in the management software and can be activated to log into the various other components of the Unified Communications kit, presumably without prompting for a password just for extra fail.
SSH can be set up either to use a shared secret password, or to use public/private keypairs, where only the public key would have needed embedding, and clearly the latter approach is safer if slightly harder to set up. I've installed it using both approaches. If Cisco had wanted to leave a way in for themselves and/or their spook friends without it becoming so easily exploitable and had thought a bit more carefully about this, they wouldn't have used the shared secret password approach.
The public key, as the name implies, is quite safe to leave lying around on foreign computers' authorized_keys files.
Frankly, how well would you feel having a public key in ~/.ssh/authorized_keys files that has the friendly comment "support access - do not remove!" next to it?
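As an added example (not from the thread, and not Cisco's code), a small audit of authorized_keys entries for the kind of support-access key described above: it parses each entry, computes the OpenSSH SHA256 fingerprint, and flags comments that look vendor-installed or fingerprints on a site deny-list. The key blobs in the sample file and the deny-list are constructed placeholders; the advisory's actual key is not on this page.

```python
import base64
import hashlib
import re

# Comments that read like a vendor- or support-installed key rather than a named user.
SUSPECT_COMMENT = re.compile(r"support|vendor|backdoor|do not remove|factory", re.I)

KEY_RE = re.compile(  # one entry: [options] keytype base64-blob [comment]
    r"^(?:(?P<opts>.*?)\s+)?(?P<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp\d+)"
    r"\s+(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$"
)

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint (unpadded base64) of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, denylist=frozenset()):
    """[(line_no, fingerprint, reasons)] for entries a human should review; denylist = banned fingerprints (placeholder)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line.strip())
        if not m or line.lstrip().startswith("#"):  # blank, commented out, or not a key
            continue
        opts, comment = m.group("opts") or "", m.group("comment") or ""
        fp = fingerprint(m.group("blob"))
        reasons = []
        if fp in denylist:
            reasons.append("fingerprint on deny-list")
        if SUSPECT_COMMENT.search(comment):
            reasons.append("vendor/support-style comment")
        # Reported only as an aggravating factor on an already-flagged key.
        if reasons and "from=" not in opts:
            reasons.append("no from= source restriction")
        if reasons:
            findings.append((n, fp, reasons))
    return findings

def _fake_blob(seed):
    """Deterministic stand-in for a key blob (constructed, not a real key)."""
    return base64.b64encode(hashlib.sha256(seed.encode()).digest()).decode()

# Constructed sample file; the third entry mimics the comment the thread describes.
SAMPLE = "\n".join([
    "# constructed sample, not from any real host",
    f"ssh-ed25519 {_fake_blob('alice')} alice@workstation",
    f"from=\"10.0.0.0/8\",command=\"/usr/bin/backup\" ssh-rsa {_fake_blob('backup')} backup-job",
    f"ssh-rsa {_fake_blob('vendor')} support access - do not remove!",
])
```

Run `audit(open("/root/.ssh/authorized_keys").read(), denylist)` per host with your own deny-list of fingerprints to get the same report for real files.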
Many other vendors are doing the same thing. This is not to excuse Cisco. It is just to point out that these multibillion dollar corporations take the same shortcuts as the greasy neckbeard at your local mom & pop IT shop. Paying the "big vendor converged infrastructure" premium is not going to protect you from this.
Of course it does: remote disconnection.
"In September 2011 Ofgem introduced new licence conditions for suppliers as part of its “Smart Metering - Consumer Protections Package” which ensure that rules around pre-payment and disconnection apply to remote switching and remote disconnection"
-- www.parliament.uk/briefing-papers/sn06179.pdf p.14
Ofgem's original guidance open letter: https://www.ofgem.gov.uk/ofgem-publications/57395/remote-disconnection-and-ppm-guidance-open-letter-160810.pdf
ex-Cisco support here. Anon for obvious reasons.
The key _was_ used for remote access (I was not specifically touching VoIP stuff, however I was somewhat familiar with the process to get access to the public key). As far as I'm aware, the press release is accurate and this was only used for support (However the key here is "as far as I'm aware").
Saying that, I am not familiar with backdoors in other products for support, specifically IOS and its derivatives. This is, after all, why Cisco bought Webex; secure remote access.
Additionally, if you're allowing unfiltered access to your management network, you honestly have much bigger issues on your plate than this.