Critical Cisco SMB Switch Vulnerability
This Critical Cisco vulnerability affects the following: Cisco Small Business 200 Series Smart Switches, 250 Series Smart Switches, 300 Series Managed Switches, 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, 500 Series Stackable Managed Switches and 550X Series Stackable Managed Switches.
The vulnerability (CVE-2018-15439), which has a critical base severity rating of 9.8 because the default configuration on the devices includes a default, privileged user account that is used for 1st time login and cannot be removed from the switch. The administrator can disable the account by configuring another admin account with access privilege set to level 15. If any of the previous created admin accounts are removed it re-enables the default privileged admin account without any notification.
“Under these circumstances, an attacker can use this account to log in to an affected device and execute commands with full admin rights,” Cisco explained in its advisory on Wednesday. “[It] could allow an unauthenticated, remote attacker to bypass the user-authentication mechanism of an affected device.”
Since the switches are used to manage a LAN, a successful exploit means that a remote attacker would gain access to network security functions such as firewalls, as well as the management interface for administering voice, data and wireless connectivity for network devices.
Currently Cisco has no patch to address this vulnerability. There is a simple workaround that Cisco suggested and it was to add at least one user account with access privilege set to level 15 in the device configuration.
- Automating System Updates with Unattended-Upgrades on Ubuntu
- How to Add a Large Disk Partition as Storage in Proxmox VE
- How to Remove Radmin Viewer with PowerShell
- How to Automate Ubuntu Server System Updates and Package Installation
- Introducing Zevonix: Your Pathway to Smarter IT
Discover more from Patrick Domingues
Subscribe to get the latest posts sent to your email.