Cisco Prime LAN Management Solution Default Decryption Key Vulnerability

A vulnerability in Cisco Prime LAN Management Solution (LMS) could allow an authenticated, local attacker to decrypt and access data fields in LMS databases that are used to manage devices in Cisco networks.

The vulnerability is due to the presence of a default database decryption key that is shared across installations of Cisco Prime LMS. An authenticated, local attacker who has both local connectivity to the console and a valid account on the operating system of a device on which LMS is installed could exploit this vulnerability by obtaining the default, hard-coded key from the device file system. The attacker could use the key to connect to and decrypt all the data in the LMS database that is used to managed devices in the network, and access all the fields in the database. After obtaining the key, the attacker can use the key to access the database locally or via a remote connection to LMS.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms”]