For the fourth time in as many months, Cisco has removed hardcoded credentials left inside one of its products, which an attacker could have exploited to gain access to devices and, by extension, to customer networks.
This time around, the hardcoded password was found in Cisco’s Wide Area Application Services (WAAS), a software package that runs on Cisco hardware and can optimize WAN traffic management.
Hardcoded SNMP community string
This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon.
SNMP stands for Simple Network Management Protocol, an Internet protocol for collecting data about and from remote devices. The community string was there so SNMP servers knowing the string’s value could connect to the remote Cisco device and gather statistics and system information about it.
“An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device,” Cisco said. “A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device.”
Hardcoded creds are invisible to device owners
Making matters worse, this SNMP community string is hidden from device owners, even from the ones with an admin account, meaning they couldn’t have located it on their own during regular security audits.
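Because the string cannot be found by auditing the device configuration, one place it can still be observed is on the network: SNMP versions 1 and 2c carry the community string unencrypted in every message. The following is an added example, not code from Cisco or from the original article, that parses raw UDP/161 payloads and reports community strings an operator never configured; the `ALLOWED` set and both community values are constructed placeholders.

```python
# Added example. Community values below are constructed placeholders.
ALLOWED = {"noc-ro"}  # assumption: the communities the operator actually configured

def read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def snmp_community(payload):
    """Return (version, community) for SNMPv1/v2c, else None."""
    try:
        tag, body, _ = read_tlv(payload, 0)
        if tag != 0x30:  # outer SEQUENCE
            return None
        tag, ver, pos = read_tlv(body, 0)
        # version field: 0 = v1, 1 = v2c; v3 carries no community string
        if tag != 0x02 or len(ver) != 1 or ver[0] > 1:
            return None
        tag, community, _ = read_tlv(body, pos)
        if tag != 0x04:  # OCTET STRING
            return None
        return ver[0], community.decode("latin-1")
    except ValueError:
        return None

def unexpected_communities(payloads, allowed=ALLOWED):
    """List (version, community) pairs seen on the wire but not allowed."""
    parsed = (snmp_community(p) for p in payloads)
    return [p for p in parsed if p and p[1] not in allowed]

def sample(version, community):
    """Constructed GetRequest for sysDescr.0, used only as test input."""
    pdu = bytes.fromhex("a01c02041a2b3c4d020100020100300e300c06082b060102010101000500")
    c = community.encode()
    body = bytes([0x02, 0x01, version, 0x04, len(c)]) + c + pdu
    return bytes([0x30, len(body)]) + body

if __name__ == "__main__":
    traffic = [sample(1, "noc-ro"), sample(1, "constructed-hidden"), b"\x00\x01"]
    print(unexpected_communities(traffic))
```

In practice the payloads would come from a packet capture or a span port in front of the WAAS devices, filtered to UDP port 161.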
This second vulnerability was a privilege escalation in the…