#VU15758 Authentication bypass (backdoor) in Cisco Systems, Inc products - CVE-2018-15439
Published: November 8, 2018
Vulnerability identifier: #VU15758
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-15439
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco 550X Series Stackable Managed Switches
Cisco Small Business 200 Series Smart Switches
Cisco Small Business 500 Series Stackable Managed Switches
Cisco Small Business 300 Series Managed Switches
Cisco 250 Series Smart Switches
Cisco 350X Series Stackable Managed Switches
Cisco 350 Series Managed Switches
Cisco 550X Series Stackable Managed Switches
Cisco Small Business 200 Series Smart Switches
Cisco Small Business 500 Series Stackable Managed Switches
Cisco Small Business 300 Series Managed Switches
Cisco 250 Series Smart Switches
Cisco 350X Series Stackable Managed Switches
Cisco 350 Series Managed Switches
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to bypass authentication mechanism on the target device.
The weakness exist due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use a backdoor account to log into the system, bypass authentication and execute arbitrary commands with full admin rights.
The weakness exist due to the presence of undocumented, static user credentials for the default administrative account. A remote attacker can use a backdoor account to log into the system, bypass authentication and execute arbitrary commands with full admin rights.
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. The following example shows how to configure an account by using admin as user ID, setting the access privilege to level 15, and defining the password by replacing <strong_password> with a complex password chosen by the user. By adding this user account, the default privileged account will be disabled.
The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. The following example shows how to configure an account by using admin as user ID, setting the access privilege to level 15, and defining the password by replacing <strong_password> with a complex password chosen by the user. By adding this user account, the default privileged account will be disabled.
Switch# configure terminal Switch(config)# username admin privilege 15 password <strong_password>
The command show running-config | include privilege 15 will now produce the following output:
Switch# show running-config | include privilege 15 username admin password encrypted <encrypted-password> privilege 15