Rewterz Threat Advisory – CVE-2018-15439 – Cisco Small Business Switches Privileged Access Vulnerability

SEVERITY: High

ANALYSIS SUMMARY

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system.

An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights.

IMPACT

Authentication bypass
Privileged access

AFFECTED PRODUCTS

• Cisco Small Business 200 Series Smart Switches
• Cisco Small Business 300 Series Managed Switches
• Cisco Small Business 500 Series Stackable Managed Switches
• Cisco 250 Series Smart Switches
• Cisco 350 Series Managed Switches
• Cisco 350X Series Stackable Managed Switches
• Cisco 550X Series Stackable Managed Switches

REMEDIATION

Vendor has not released any update/ patch for the vulnerability yet. However, Cisco suggests the following work-around for this flaw:

“The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration. The following example shows how to configure an account by using admin as user ID, setting the access privilege to level 15, and defining the password by replacing with a complex password chosen by the user. By adding this user account, the default privileged account will be disabled.

 

Switch# configure terminal Switch(config)# username admin privilege 15 password <strong_password>

 

The command show running-config | include privilege 15 will now produce the following output:

Switch# show running-config | include privilege 15 username admin password encrypted privilege 15″