Critical Vulnerability in wide deployed Cisco Small Business Switches

Published by swasialam@gmail.com on

Critical Vulnerability in wide deployed Cisco Small Business Switches

According to Cisco Security Advisory, A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device.

The vulnerability (CVE-2018-15439), which has a critical base CVSS 2.0 security and metrics base score is 9.3 High and CVSS 3.0 Base score is 8.1 High.

The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights.

Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available but there is a workaround to address this vulnerability.

The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. By adding this user account, the default privileged account will be disabled.

Want to fixed this vulnerability? check out the solution here.

Following are the Vulnerable Products:

This vulnerability affects the following Cisco Small Business product families running any software release if no user accounts with access privilege set to level 15 are configured on the device:

  • Cisco Small Business 200 Series Smart Switches
  • Cisco Small Business 300 Series Managed Switches
  • Cisco Small Business 500 Series Stackable Managed Switches
  • Cisco 250 Series Smart Switches
  • Cisco 350 Series Managed Switches
  • Cisco 350X Series Stackable Managed Switches
  • Cisco 550X Series Stackable Managed Switches 

Inspect InfoSec provides comprehensive vulnerability assessment and penetration testing services. We also have good resources about vulnerability assessment and penetration testing at our website that will help you learn and understand What, Why, When and How Of Penetration Testing?

Categories: News
Tags:

Related Posts

News

Critical Flaws in Remote Desktop Protocol

Multiple Flaws in Remote Desktop Protocol allows to attack RDP clients A research firm Check Point, has disclosed multiple flaws in the Remote Desktop Protocol. These vulnerabilities could allow compromised or infected machines to attack Read more…

News

Elevated privilege flaw in its Microsoft Exchange Server

Elevated privilege flaw in its Microsoft Exchange Server Elevated privilege flaw in Microsoft Exchange server would allow a remote attacker to impersonate an administrator. According to Microsoft security advisory number ADV190007, An elevation of privilege Read more…

News

Critical Bug in the Apple MacOS KeyChain

Critical Bug in the Apple MacOS KeyChain A new Apple zero-day vulnerability for MacOS allow an attacker to extract passwords from a targeted Mac’s Keychain password management system.  According to a security researcher Linus Henze, Read more…