Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Looking at doing the same, pushing the cop file. "file search install system-history.log Upgrade" will show just the Upgrade entries. Can look to see if a nornal upgrade was done after a refresh entry. On Wed, Nov 22, 2017 at 8:08 AM, Brian Meade wrote: > We've got a team

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

We've got a team doing some scripting to check the system-history.log. It looks like there is no harm to running the COP on a non-affected system as well so we may just push it in bulk. On Wed, Nov 22, 2017 at 9:01 AM, Ryan Ratliff (rratliff) wrote: > I’d rather you take

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

I’d rather you take the approach of telling all of your customers to install the COP file rather than pen-testing on a live system :) If you want to see if they are exposed get the system-history.log and install.log and upload them to a TAC SR or manually inspect them to determine the timeline

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Cc: Anthony Holloway; cisco-voip@puck.nether.net Subject: Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability I was thinking about running John the Ripper on a lab box that is affected to try to get the password. Not sure if it will find anything tho

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

5 AM > *To:* Anthony Holloway > *Cc:* cisco-voip@puck.nether.net > *Subject:* Re: [cisco-voip] Cisco Voice Operating System-Based Products > Unauthorized Access Vulnerability > > Anyone got some ideas on trying to crack this UCOS password? Should help > us out in scanning our custom

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

November 20, 2017 10:25 AM To: Anthony Holloway Cc: cisco-voip@puck.nether.net Subject: Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability Anyone got some ideas on trying to crack this UCOS password? Should help us out in scanning our cust

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Anyone got some ideas on trying to crack this UCOS password? Should help us out in scanning our customers to see if they are affected, but we wouldn't want this password to end up indexed by google and make the issue even worse. On Fri, Nov 17, 2017 at 4:46 PM, Anthony Holloway <

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Indeed it works, and sadly, I have a customer with uccx 7 still running... On Fri, Nov 17, 2017 at 3:46 PM, Anthony Holloway < avholloway+cisco-v...@gmail.com> wrote: > Bwahaha! I just logged in to your CUCM Tim. > > On a serious note, I think it’s interesting how this “flag” issue is such > a

Re: [cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

Bwahaha! I just logged in to your CUCM Tim. On a serious note, I think it’s interesting how this “flag” issue is such a big deal, when back in the old days of UCCX, Cisco was creating an intentional back-door in all installs, using the same username and password on all of them. For the curious,

[cisco-voip] Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

heads up https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip