Cisco Small Business Switches are vulnerable to a remote attack where commands with admin privileges can be executed. The vulnerability is tracked under CVE-2018-15439, and it could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device, and execute commands. As of now, the vulnerability hasn’t been fixed, but there is an available workaround.
CVE-2018-15439 Technical Overview
The very first question to ask is whether this vulnerability exists. It appears that, under “specific circumstances”, the affected software enables a privileged user accounts, and does so without alerting the administrator, Cisco explains in the official advisory.
In case of an exploit, the attacker can use the privileged account to log into affected devices and execute various commands with full administrative rights.
The next question to ask is what products are affected by CVE-2018-15439, and here is the list:
– Cisco Small Business 200 Series Smart Switches
– Cisco Small Business 300 Series Managed Switches
– Cisco Small Business 500 Series Stackable Managed Switches
– Cisco 250 Series Smart Switches
– Cisco 350 Series Managed Switches
– Cisco 350X Series Stackable Managed Switches
– Cisco 550X Series Stackable Managed Switches
CVE-2018-15439 : Workaround
The workaround for the vulnerability acquires adding at least one user account with access privilege set to level 15 in the device configuration, Cisco says.
So, you should know how to configure such an account, and here are the steps.
You should use admin as user ID, set the access privilege to level 15, and define the password by replacing
Switch# configure terminal
Switch(config)# username admin privilege 15 password
The command show running-config | include privilege 15 will now produce the following output:
Switch# show running-config | include privilege 15
username admin password encrypted