CPSEC-49: Tech Support Mode Warning Bypass
August 6, 2019
Device permitted enabling of “cproot” account through the “Add User” function built into administrative interface.
Summary: The device permitted enabling of the “cproot” account through the “Add User” functionality built into the administrative interfaces.
Identified: New York City Cyber Command (NYC3) IBR1700 assessment results.
Impact: High. Enabling the “cproot” account in this way suppresses one of the significant alerts from the device about configuration events that pose a potential security risk.
Exploitability: Medium, in that an attacker must know the password of a device user, and given that other alerts focusing on device modification are still sent to the logging functionalities implemented by the device.
Mitigation: Fix added to NCOM – FW 7.1.10 version release addressing NYC3 recommendations. Treat any device noting a successful login to the “cproot” account, without an identified maintenance window, as compromised and remove it from service until completion of forensic analysis.
The fix was incorporated and released in FW 7.1.10 (Aug/6/2019) to enable Admin Access to Networks with trusted users. Delegate all other users to Guest or similar Networks without Admin Access enabled.
To correct this vulnerability, update routers to 7.1.10 or above; see the CP Knowledgebase article for details and instructions below.
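The detection rule from the Mitigation entry (a successful “cproot” login with no identified maintenance window means the device is treated as compromised), written as an added example that is not part of the advisory or the vendor's code. The log line layout, device names and maintenance windows are constructed assumptions; replace the regular expression with one matching the syslog format your routers actually emit.

```python
import re
from datetime import datetime

# ASSUMED log layout (constructed for this example, not the vendor's format):
#   <ISO-8601 timestamp> <device> auth: login <success|failure> user=<name>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+auth:\s+login\s+"
    r"(?P<result>success|failure)\s+user=(?P<user>\S+)\s*$"
)

def in_window(ts, windows):
    """True if ts falls inside any (start, end) window, bounds inclusive."""
    return any(start <= ts <= end for start, end in windows)

def find_unplanned_cproot_logins(lines, maintenance):
    """Return (device, timestamp) for each successful cproot login that is
    not covered by a maintenance window recorded for that device."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        if m["user"] != "cproot" or m["result"] != "success":
            continue  # the advisory's rule concerns successful cproot logins
        ts = datetime.fromisoformat(m["ts"])
        # A device with no recorded window is never "in maintenance".
        if not in_window(ts, maintenance.get(m["device"], [])):
            hits.append((m["device"], ts))
    return hits

# Constructed sample data (hypothetical device names and times).
MAINTENANCE = {
    "ibr1700-lab": [(datetime(2019, 8, 6, 1, 0), datetime(2019, 8, 6, 3, 0))],
}
SAMPLE_LOG = """\
2019-08-06T01:15:00 ibr1700-lab auth: login success user=cproot
2019-08-06T09:42:10 ibr1700-lab auth: login success user=cproot
2019-08-06T09:50:00 ibr1700-lab auth: login failure user=cproot
2019-08-06T10:05:00 ibr1700-lab auth: login success user=admin
2019-08-06T02:00:00 ibr1700-field auth: login success user=cproot
""".splitlines()

if __name__ == "__main__":
    for device, ts in find_unplanned_cproot_logins(SAMPLE_LOG, MAINTENANCE):
        print(f"{device}: cproot login at {ts.isoformat()} outside a "
              "maintenance window; remove from service pending forensics")
```

Because the advisory notes that this bypass suppressed the device's own warning, the check is meant to run on the log collector rather than rely on an alert raised by the router.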