Use of hard-coded credentials in Cisco Systems, Inc products - #VU20875
Published: September 5, 2019
Vulnerability identifier: #VU20875
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco Small Business RV 260 Series VPN Router
Cisco Small Business RV160 Series VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco Small Business RV 260 Series VPN Router
Cisco Small Business RV160 Series VPN Router
Detailed vulnerability description
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote authenticated attacker with access to the base operating system can access the affected system and elevate privileges to these users: root, debug-admin, cisco, admin, and guest.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.