Vulnerability identifier: #VU15758
Vulnerability risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID:
CWE-ID:
CWE-798
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco 550X Series Stackable Managed Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco Small Business 200 Series Smart Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco Small Business 500 Series Stackable Managed Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco Small Business 300 Series Managed Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco 250 Series Smart Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco 350X Series Stackable Managed Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco 350 Series Managed Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to bypass authentication mechanism on the target device.
The weakness exist due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use a backdoor account to log into the system, bypass authentication and execute arbitrary commands with full admin rights.
Mitigation
The command show running-config | include privilege 15 will now produce the following output:
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. The following example shows how to configure an account by using admin as user ID, setting the access privilege to level 15, and defining the password by replacing Switch# configure terminal
Switch(config)# username admin privilege 15 password
Switch# show running-config | include privilege 15
username admin password encrypted
Vulnerable software versions
Cisco 550X Series Stackable Managed Switches: All versions
Cisco Small Business 200 Series Smart Switches: All versions
Cisco Small Business 500 Series Stackable Managed Switches: All versions
Cisco Small Business 300 Series Managed Switches: All versions
Cisco 250 Series Smart Switches: All versions
Cisco 350X Series Stackable Managed Switches: All versions
Cisco 350 Series Managed Switches: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.