#VU15758 Authentication bypass (backdoor) in Cisco Systems, Inc Hardware solutions


Published: 2018-11-08

Vulnerability identifier: #VU15758

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2018-15439

CWE-ID: CWE-798

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco 550X Series Stackable Managed Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Small Business 200 Series Smart Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Small Business 500 Series Stackable Managed Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Small Business 300 Series Managed Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco 250 Series Smart Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco 350X Series Stackable Managed Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco 350 Series Managed Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote unauthenticated attacker to bypass authentication mechanism on the target device.

The weakness exist due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use a backdoor account to log into the system, bypass authentication and execute arbitrary commands with full admin rights.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. The following example shows how to configure an account by using admin as user ID, setting the access privilege to level 15, and defining the password by replacing with a complex password chosen by the user. By adding this user account, the default privileged account will be disabled.

Switch# configure terminal
Switch(config)# username admin privilege 15 password

The command show running-config | include privilege 15 will now produce the following output: 

Switch# show running-config | include privilege 15 
username admin password encrypted  privilege 15

Vulnerable software versions

Cisco 550X Series Stackable Managed Switches: All versions

Cisco Small Business 200 Series Smart Switches: All versions

Cisco Small Business 500 Series Stackable Managed Switches: All versions

Cisco Small Business 300 Series Managed Switches: All versions

Cisco 250 Series Smart Switches: All versions

Cisco 350X Series Stackable Managed Switches: All versions

Cisco 350 Series Managed Switches: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Authentication bypass (backdoor) in Cisco 550X Series Stackable Managed Switches