What is the threat?
Security researchers identified a critical and unpatched vulnerability (CVE-2018-15439) in the widely deployed Cisco Small Business Switch Software that could allow a remote attacker to bypass security restrictions and gain full admin access. The default configuration on the vulnerable devices includes a privileged user account that is used for the initial login and cannot be removed from the system.
Why is this noteworthy?
The vulnerability has been rated with a severity of 9.8 – critical, because switches are used to manage LANs and successful exploitation would allow the remote attacker to control security systems such as firewalls and the management interface for administering data, voice, and wireless connectivity for network devices.
What is the exposure or risk?
The vulnerability affects a significant number of Cisco Small Business products. Exploitation of this vulnerability could allow attackers to steal sensitive/personal information, install potentially malicious software, and give them a way to consistently access the network. The following Cisco Small Business product families are vulnerable:
- Cisco Small Business 200 Series Smart Switches
- Cisco Small Business 300 Series Managed Switches
- Cisco Small Business 500 Series Stackable Managed Switches
- Cisco 250 Series Smart Switches
- Cisco 350 Series Managed Switches
- Cisco 350X Series Stackable Managed Switches
- Cisco 550X Series Stackable Managed Switches
What are the recommendations?
Cisco has not released a patch to address the vulnerability. It is recommended to use the following workaround temporarily: disable the default, privileged user account that is used for the initial logon by setting at least one user account with access privilege to level 15 in the device configuration. This will prevent the vulnerability from being exploited. It’s also recommended to periodically check the Cisco website for a patch update for this critical vulnerability.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Secure Intelligence Center.