

Ethical Hacking News

Cisco Closes Backdoor Vulnerability in Unified Communications Manager



Cisco Systems has removed the backdoor account from its Unified Communications Manager (UCM) system due to a critical vulnerability discovered by the company. The removal of the hardcoded credentials eliminates one of the primary entry points for attackers, mitigating the risk posed by this vulnerability. While there are no workarounds available to address this issue, users are recommended to upgrade to an appropriate fixed software release or apply patch files as soon as possible.



  • Cisco Systems removed the backdoor account from its Unified Communications Manager (UCM) system in response to a critical vulnerability.
  • The vulnerability, CVE-2025-20309, had a CVSS score of 10 and allowed remote attackers to log in using hardcoded root credentials.
  • Removal of the backdoor account eliminates one primary entry point for attackers and is seen as a proactive measure to mitigate risk.
  • No workarounds are available to address this vulnerability; users should upgrade to fixed software releases or apply patch files ASAP.
  • A limited set of ES releases (15.0.1.13010-1 to 15.0.1.13017-1) are affected by the vulnerability, but Cisco is not aware of any attacks exploiting it in the wild.



    Cisco Systems, a leading global technology company, has announced that it has removed the backdoor account from its Unified Communications Manager (UCM) system. This move comes in response to a critical vulnerability discovered by the company's security team.

    The vulnerability, tracked as CVE-2025-20309, has a CVSS score of 10, the highest possible severity rating. It affects Cisco UCM and its Session Management Edition (SME) and allows remote attackers to log in using hardcoded root credentials set during development.

    These static credentials are immutable and cannot be changed or deleted. An attacker who exploited this vulnerability would have full root access to the system and could execute arbitrary commands as the root user. This posed a significant risk to affected devices, potentially allowing attackers to perform malicious activities without being detected.

    The vulnerability was addressed by Cisco through the removal of the backdoor account from its UCM system. The company has also provided Indicators of Compromise (IoCs) for detecting devices that may be affected by this vulnerability. These IoCs include a successful SSH login by the root user, which can be identified in the system log (/var/log/active/syslog/secure).
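    The indicator described above, as an added example that is not part of the original article or of Cisco's advisory: a Python check that flags successful root SSH logins in an exported copy of the secure log. The sample lines are constructed and assume common OpenSSH/PAM syslog wording; the function and field names are illustrative.

```python
import re

# Constructed sample lines (not from a real system). Assumption: the secure log
# uses common OpenSSH/PAM syslog wording; adjust the patterns if yours differs.
SAMPLE_LOG = """\
Jul  2 09:14:01 ucm-pub sshd[4121]: Failed password for root from 198.51.100.23 port 50112 ssh2
Jul  2 09:14:09 ucm-pub sshd[4121]: Accepted password for root from 198.51.100.23 port 50112 ssh2
Jul  2 09:14:09 ucm-pub sshd[4121]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul  2 09:20:00 ucm-pub crond[977]: pam_unix(crond:session): session opened for user root by (uid=0)
Jul  2 09:31:44 ucm-pub sshd[4302]: Accepted password for administrator from 192.0.2.10 port 41822 ssh2
Jul  2 09:40:12 ucm-pub sshd[4410]: Invalid user rooter from 203.0.113.5 port 33900
"""

# Timestamp, host, then an sshd tag (with or without a PID), then the message.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+.*?\bsshd(?:\[\d+\])?:\s+(?P<msg>.*)$"
)
# Authentication accepted for root specifically ("rooter" must not match).
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for root from (?P<src>\S+) port \d+")
# PAM session opened for root by sshd (cron sessions are excluded by LINE).
SESSION = re.compile(r"^pam_unix\(sshd:session\): session opened for user root\b")


def find_root_ssh_logins(log_text):
    """Return one finding per line that records a successful root SSH login."""
    findings = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # not an sshd entry
        msg = line.group("msg")
        accepted = ACCEPTED.match(msg)
        if accepted:
            event, source = "auth-accepted", accepted.group("src")
        elif SESSION.match(msg):
            event, source = "session-opened", None  # PAM line carries no source IP
        else:
            continue  # failed attempts and other users are not this indicator
        findings.append({"time": line.group("ts"), "host": line.group("host"),
                         "event": event, "source": source})
    return findings


if __name__ == "__main__":
    for finding in find_root_ssh_logins(SAMPLE_LOG):
        print(finding)
```

    To check a real system, pass the text of an exported /var/log/active/syslog/secure file to find_root_ssh_logins instead of the sample.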

    The removal of the backdoor account is seen as a proactive measure to mitigate the risk posed by this vulnerability. By removing the hardcoded credentials, Cisco has eliminated one of the primary entry points for attackers. However, it is essential to note that there are no workarounds available to address this vulnerability, and users are recommended to upgrade to an appropriate fixed software release or apply patch files as soon as possible.

    It's worth mentioning that only a limited set of ES releases (Engineering Special Releases) are affected by this vulnerability, specifically from 15.0.1.13010-1 to 15.0.1.13017-1, regardless of configuration. The good news is that Cisco PSIRT (Proactive Security Information and Response Team) is not aware of any attacks exploiting this vulnerability in the wild.

    This incident highlights the importance of ongoing security monitoring and patch management. It also serves as a reminder for organizations to prioritize their software updates and ensure that their systems are configured correctly to prevent similar vulnerabilities from being exploited.

    In conclusion, Cisco's proactive approach to addressing the backdoor vulnerability in its UCM system is a positive step towards enhancing the overall security posture of its customers. While there is still more work to be done to address this vulnerability, it's reassuring to see that the company is taking steps to mitigate the risk and protect its users.




  • Published: Wed Jul 2 22:52:32 2025 by llama3.2 3B Q4_K_M












