- The login credentials for an account with the root access were found in the Unified Communications Manager of Cisco
- There are no solutions, just a patch, so users must now update
- Different versions of the tool are affected
Another coded credential for administrative access in an important software application has been discovered: this time, it is Cisco, who discovered the slide in its solution as Unified Communications Manager (CM UNIFIED).
Cisco Unified CM is a business call control platform of Business Degree IP that provides voice, video, mobility and presence services. It manages the calls of voice-on-IP (VOIP) and allows the management of tasks such as user/device provision, the integration of voice email, conferences and more.
Recently, Cisco found login credentials encoded in the program, allowing access with root privileges. The error is now tracked as CVE-2025-20309, and received a maximum gravity score: 10/10 (critic). The credentials were apparently used during development and tests, and should have been eliminated before the product was sent to the market.
There is no evidence of abuse
It was said that Cisco Unified CM and cm Sme Special (s) Special (s) of CM Unified 15.0.1.13010-1 to 15.0.1.13017-1 were affected, regardless of the device configuration. There are no solutions or mitigations, and the only way to address it is to update the program to version 15SU3 (July 2025).
“A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unifice CM SME) could allow an unauthorized and remote attacker Gestos, “said Cisco.
At the time of publication, there was no evidence of abuse in nature.
Codified credentials are one of the most common causes of system infiltrations.
Recently it was discovered that Sitecore Experience Platform, a system of administration of business level content (CMS), had a encoded password for an internal user that was just a letter, ‘B’, which makes it incredibly easy to guess.
And in August 2024, Horizon3 Security researchers discovered that the coded credentials had been left in the product of the Solarwinds web aid table.
Through Bleepingcomputer
