Cisco Network Registrar Vulnerability

Cisco Network Registrar (CNR) provides highly scalable and reliable DNS, DHCP, and TFTP services, simplifying administrative tasks associated with network and device configuration by centralizing management.

CNR contains a default password for the administrative account.  An attacker could use this knowledge to authenticate with administrative privileges and arbitrarily change the configuration of CNR. This vulnerability is documented in Cisco bug ID CSCsm50627  (registered customers only) and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-2024.  Due to the nature of the vulnerability and its potential impact this vulnerability is rated HIGH.  No known attacks have been noted in the wild, but this one is simple.  All you need is the knowledge.

If you are not a registered Cisco customer, you can implement a simple workaround.  CHANGE THE DEFAULT PASSWORD!

  • To change the password using the web interface, select Advanced -> Administrators -> Admin from the menu.
  • Execute the following command to change the administrator’s password using the command-line interface:
  • admin <admin-name> enterPassword

Access to CNR (TCP ports 8080, 8090, 8443, and 8453) and the host on which it is running should be limited to legitimate IP addresses using Access Control Lists or other means.

It is always a good practice to change default passwords during installation, and user selected passwords periodically.  The change interval should comply with an organization’s security policy but, as a guideline, all passwords should be changed two or three times a year.  This practice applies equally to all products regardless of when they are installed, and to all users, administrators and non-administrators.