Hello, welcome to the Friday, June 9th, 2017 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Washington, D.C.

Cisco patched a number of its products this week.

Now, among these patches, there are two-born abilities that I found particularly interesting. Both of them

affect the Cisco Prime Data Center Network Manager. The first one actually bypasses authentication

for the system because Cisco, by mistake, left a debug tool enabled that does not require authentication. Exploitation should be pretty

straightforward and may happen across the network. This vulnerability will allow an attacker to

execute arbitrary command on the device as route. The second vulnerability is good old default static credentials as

you install this tool. A default account is created. The user is not informed about this default

account and access to this account, again across the network, could allow access to the

administrative console of the device.

According to Cisco, there are no workarounds, so get on patching, given the simplicity of

exploiting these vulnerabilities and the impact they may have, you also should make sure

that there is no remote network access to this system.

And talking about default accounts, ERP scan did release a nice blog post, listing all the default

accounts that you commonly find in Oracle's PeopleSoft, including the passwords typically

associated with these accounts.

So great resource in case you need to audit Oracle's PeopleSoft.

And while sticking with default passwords for yet another story, F-Secure released paper

with details about vulnerabilities in Opticam and FOSCAM digital video cameras.

These are web-based network cameras and of course they have caused a lot of pain for network

administrators in the past. Yet again, default passwords, telnet servers that are not documented, but enabled and

...