Authentication bypass (backdoor) in Cisco Systems, Inc products - CVE-2018-15439
Published: November 8, 2018
Vulnerability identifier: #VU15758
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-15439
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco 550X Series Stackable Managed Switches
Cisco Small Business 200 Series Smart Switches
Cisco Small Business 500 Series Stackable Managed Switches
Cisco Small Business 300 Series Managed Switches
Cisco 250 Series Smart Switches
Cisco 350X Series Stackable Managed Switches
Cisco 350 Series Managed Switches
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass the authentication mechanism on the target device.
The weakness exists due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use a backdoor account to log into the system, bypass authentication and execute arbitrary commands with full admin rights.
How to mitigate CVE-2018-15439
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. The following example shows how to configure an account by using admin as user ID, setting the access privilege to level 15, and defining the password by replacing <strong_password> with a complex password chosen by the user. By adding this user account, the default privileged account will be disabled.
Switch# configure terminal
Switch(config)# username admin privilege 15 password <strong_password>
The command show running-config | include privilege 15 will now produce the following output:
Switch# show running-config | include privilege 15
username admin password encrypted <encrypted-password> privilege 15
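
To check the workaround across many switches, the same test can be run over saved running-config backups. The following is an added example, not part of the original advisory or Cisco's tooling: it flags any configuration with no user explicitly set to privilege 15. The device names and sample configurations are constructed, and the parser assumes only the two username line forms shown above.

```python
import re

# Constructed sample configs (not from real devices); the username line
# format follows the "show running-config" output shown in the advisory.
SAMPLE_CONFIGS = {
    "sw-remediated": (
        "hostname sw-remediated\n"
        "username admin password encrypted <encrypted-password> privilege 15\n"
        "username oper password encrypted <encrypted-password> privilege 1\n"
    ),
    "sw-exposed": (
        "hostname sw-exposed\n"
        "username oper password encrypted <encrypted-password> privilege 1\n"
    ),
    "sw-empty": "hostname sw-empty\n",
}

USERNAME_LINE = re.compile(r"^\s*username\s+(\S+)\s+(.*)$")
PRIVILEGE = re.compile(r"\bprivilege\s+(\d+)\b")


def level15_users(config_text):
    """Return the user IDs configured with an explicit 'privilege 15'."""
    users = []
    for line in config_text.splitlines():
        match = USERNAME_LINE.match(line)
        if not match:
            continue
        # The privilege keyword may come before or after the password field.
        priv = PRIVILEGE.search(match.group(2))
        if priv and int(priv.group(1)) == 15:
            users.append(match.group(1))
    return users


def audit(configs):
    """Map each device name to True when a level-15 user account exists."""
    return {name: bool(level15_users(text)) for name, text in configs.items()}


if __name__ == "__main__":
    for device, ok in sorted(audit(SAMPLE_CONFIGS).items()):
        status = "OK (level-15 user present)" if ok else "REVIEW (no level-15 user)"
        print(f"{device}: {status}")
```

A device reported as REVIEW has no explicit level-15 user in that backup, which is the condition the workaround is meant to remove.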