Workaround for severe Cisco unpatched vulnerability

In a recent advisory posted on its website, Cisco disclosed a major unpatched vulnerability that affects the Small Business Switches software. The vulnerability, tracked as CVE-2018-15439, allows unauthenticated remote attackers to gain total control of a device. The attack vector is the user authentication mechanism within the Small Business Switches software.

Cisco explains the flaw in detail in the following quote taken from the advisory, which also offers a workaround:

“The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights.

“Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.”

Cisco's workaround is to have someone with administrator access “configure an account by using admin as user ID,” set its access privilege to level 15, and define “the password by replacing <strong_password> with a complex password chosen by the user.” Until there is a patch, which Cisco acknowledged was in the works, this is the best bet for protecting your network from remote hackers.
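One way to confirm the workaround is in place across several switches, as an added example that is not from Cisco's advisory or the original article: the script reads saved configuration text and reports which devices lack an admin account at privilege level 15 with a password. The `username ... privilege <level>` line syntax, the function names, and the sample configurations are assumptions constructed for illustration; adjust the patterns to what your switches actually emit.

```python
import re

# Assumed account-line syntax in saved configuration text (not from the
# article): "username <name> password [encrypted] <value> privilege <level>".
USER_RE = re.compile(r"^\s*username\s+(\S+)\s+(.*)$", re.IGNORECASE)
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b", re.IGNORECASE)
PASS_RE = re.compile(r"\bpassword\s+\S+", re.IGNORECASE)

def parse_accounts(config_text):
    """Map each configured user ID to its privilege level and password flag."""
    accounts = {}
    for line in config_text.splitlines():
        m = USER_RE.match(line)
        if not m:
            continue  # also skips "no username ..." removal lines
        name, rest = m.group(1), m.group(2)
        priv = PRIV_RE.search(rest)
        accounts[name] = {
            # Assumption: a line without an explicit level is not level 15.
            "privilege": int(priv.group(1)) if priv else None,
            "has_password": bool(PASS_RE.search(rest)),
        }
    return accounts

def workaround_applied(config_text):
    """True when user ID admin exists at level 15 with a password set."""
    acct = parse_accounts(config_text).get("admin")
    return bool(acct and acct["privilege"] == 15 and acct["has_password"])

# Constructed sample configurations, not captured from real devices.
SAMPLES = {
    "sw-lab-01": "hostname sw-lab-01\n"
                 "username admin password encrypted 0123abcd privilege 15\n"
                 "username monitor password encrypted 4567ef01 privilege 1\n",
    "sw-lab-02": "hostname sw-lab-02\n"
                 "username monitor password encrypted 4567ef01 privilege 1\n",
    "sw-lab-03": "hostname sw-lab-03\n"
                 "username admin password encrypted 89ab23cd privilege 7\n",
}

def audit(samples):
    """Return the names of switches where the workaround is missing."""
    return sorted(n for n, cfg in samples.items() if not workaround_applied(cfg))

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print(f"{name}: no level-15 'admin' account with a password; apply the workaround")
```
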

Cisco stated that this unpatched vulnerability affects these specific products:

Cisco Small Business 200 Series Smart Switches
Cisco Small Business 300 Series Managed Switches
Cisco Small Business 500 Series Stackable Managed Switches
Cisco 250 Series Smart Switches
Cisco 350 Series Managed Switches
Cisco 350X Series Stackable Managed Switches
Cisco 550X Series Stackable Managed Switches

Cisco can be commended for staying ahead of the curve with this vulnerability notice. Some companies like to put their heads in the sand and just hope that the vulnerability will never cause serious issues. Instead of that, Cisco provided an effective workaround and is in the process of creating a patch. That is a response that other companies should model their vulnerability disclosure and containment procedures after.

Featured image: Flickr / Hades2k

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
