Risk | High |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-15439 |
CWE-ID | CWE-798 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Cisco 550X Series Stackable Managed Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Cisco Small Business 200 Series Smart Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Cisco Small Business 500 Series Stackable Managed Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Cisco Small Business 300 Series Managed Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Cisco 250 Series Smart Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Cisco 350X Series Stackable Managed Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Cisco 350 Series Managed Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU15758
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-15439
CWE-ID: CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to bypass the authentication mechanism on the target device.
The weakness exists due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use this backdoor account to log into the system, bypass authentication and execute arbitrary commands with full admin rights.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. The following example shows how to configure an account by using admin as user ID, setting the access privilege to level 15, and defining the password by replacing
Switch# configure terminal
Switch(config)# username admin privilege 15 password
The command show running-config | include privilege 15 will now produce the following output:
Switch# show running-config | include privilege 15
username admin password encrypted
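The workaround above can also be verified offline across saved configuration backups. The following Python script is an added example, not code from Cisco or from this bulletin; it assumes that local user lines in a saved running-config begin with username and carry privilege 15 (as the include privilege 15 filter implies), and the device names and configuration text are constructed samples.

```python
import re

# Matches a local user line whose privilege level is exactly 15, i.e. the
# lines that "show running-config | include privilege 15" would display.
# Assumption: user lines start with "username <id>" in the saved config.
PRIV15_USER = re.compile(r"^\s*username\s+(\S+)\s.*\bprivilege\s+15\b")


def privilege15_users(running_config):
    """Return the user IDs configured with privilege level 15."""
    users = []
    for line in running_config.splitlines():
        match = PRIV15_USER.match(line)
        if match:
            users.append(match.group(1))
    return users


def audit(configs):
    """Map device name -> privilege-15 users (empty list: workaround missing)."""
    return {name: privilege15_users(text) for name, text in configs.items()}


# Constructed sample backups; the hash is a labelled placeholder.
SAMPLE_CONFIGS = {
    "sw-access-01": (
        "hostname sw-access-01\n"
        "username admin password encrypted <hash-placeholder> privilege 15\n"
        "username helpdesk password encrypted <hash-placeholder> privilege 1\n"
    ),
    "sw-access-02": (
        "hostname sw-access-02\n"
        "username helpdesk password encrypted <hash-placeholder> privilege 1\n"
    ),
}

if __name__ == "__main__":
    for device, users in audit(SAMPLE_CONFIGS).items():
        status = "OK" if users else "NO privilege 15 user configured"
        print(f"{device}: {status} {users}")
```

A device reported with no privilege 15 user has not had the workaround applied and should be reconfigured as shown above.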
Cisco 550X Series Stackable Managed Switches: All versions
Cisco Small Business 200 Series Smart Switches: All versions
Cisco Small Business 500 Series Stackable Managed Switches: All versions
Cisco Small Business 300 Series Managed Switches: All versions
Cisco 250 Series Smart Switches: All versions
Cisco 350X Series Stackable Managed Switches: All versions
Cisco 350 Series Managed Switches: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.