Default Account Exposes Cisco Switches to Remote Attacks


A default account present in Cisco Small Business switches can allow remote attackers to gain complete access to vulnerable devices. The networking giant has yet to release patches, but a workaround is available.

According to Cisco, Small Business switches running any software release come with a default account that is provided for the initial login. The account has full administrator privileges and it cannot be removed from the system.

The account is disabled if an administrator configures at least one other user account with the access privilege set to level 15, which is equivalent to root/administrator and provides full access to the switch. However, if no level 15 accounts are configured or existing level 15 accounts are removed from the device, the default account is re-enabled and the administrator is not notified.

Malicious actors can leverage this account to log in to a device and execute arbitrary commands with full admin privileges.

The vulnerability, tracked as CVE-2018-15439, was reported to Cisco by Thor Simon of Two Sigma Investments LP. The vendor says it’s not aware of any attempts to exploit the vulnerability for malicious purposes.

Read more…