Unauthorised Remote Access Vulnerability Discovered on Cisco Small Business Switches

Businesses using Cisco Small Business 200 Series Smart Switches; CSB 300 Series Managed Switches; Cisco 250 Series Smart Switches; CSB 500 Series Stackable Managed Switches; Cisco 350 Series Managed Switches; Cisco 350X Series Stackable Managed Switches; or Cisco 550X Series Stackable Managed Switches are vulnerable to a flaw given a CVSS severity rating of 9.8 (CVE-2018-15439).

The affected Cisco series prides itself on being the solution for small businesses. It is a network security device that allows businesses to set up their network. Users can then connect to it and share resources effectively at a low cost. Devices such as the Cisco Small Business 200 Series Smart Switches ship with a default admin account and password. This is not always a good thing.

Last week, the vulnerability CVE-2018-15439 was discovered, and it stems from this default account. The weakness allows an unauthorised remote user to access the business network and execute commands with admin rights. Removing all user-configured level 15 privilege accounts exposes the vulnerability: the device can then re-enable a privileged default account without notifying administrators. It is not possible to disable the default account.

Handling the vulnerability

No updates have been released yet. Nevertheless, Cisco has advised users to keep at least one level 15 privilege account configured at all times. This will keep the default account deactivated. Additional measures include setting that account's password, replacing the <strong_password> placeholder with a strong password of your own.
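As an added example (not Cisco's code and not part of the original article), the Python check below reads a saved switch configuration and flags a device that has no user-configured level 15 account. The `username ... privilege <level>` line format and both sample configurations are assumptions constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from a real device).
# Assumption: accounts appear as "username <name> ... privilege <level>" lines.
SAMPLE_OK = """\
hostname sw-floor1
username netadmin password encrypted 0123abcd privilege 15
username helpdesk password encrypted 4567ef01 privilege 1
ip ssh server
"""

SAMPLE_AT_RISK = """\
hostname sw-floor2
username helpdesk password encrypted 4567ef01 privilege 1
! username oldadmin password encrypted 89ab privilege 15
"""

USERNAME_RE = re.compile(r"^\s*username\s+(\S+)(.*)$", re.IGNORECASE)
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b", re.IGNORECASE)

def level15_accounts(config_text):
    """Return names of user-configured accounts with privilege level 15."""
    names = []
    for line in config_text.splitlines():
        m = USERNAME_RE.match(line)
        if not m:
            continue  # skips comments ("!"), "no username ..." and other lines
        priv = PRIV_RE.search(m.group(2))
        # Assumption: an account with no explicit privilege keyword is not level 15.
        if priv and int(priv.group(1)) == 15 and m.group(1) not in names:
            names.append(m.group(1))
    return names

def audit(config_text):
    """Return (ok, message) for the 'keep one level 15 account' workaround."""
    names = level15_accounts(config_text)
    if names:
        return True, "level 15 account(s) present: " + ", ".join(names)
    return False, "no user-configured level 15 account: default account may be re-enabled"

if __name__ == "__main__":
    for label, cfg in (("floor1", SAMPLE_OK), ("floor2", SAMPLE_AT_RISK)):
        ok, msg = audit(cfg)
        print(f"{label}: {'OK' if ok else 'AT RISK'} - {msg}")
```

Running the same check after every configuration change catches the case where the last level 15 account is removed by mistake.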

Unauthorised access to a network can be devastating to a business. The unauthorised user will be able to carry out malicious acts such as taking over the network and stealing data. However, not all devices are affected. Cisco reported that the 200 E Series Smart Switches and the Cisco 220 Series were not exposed. Unaffected devices also include those running on IOS.

No reports of attacks, data breaches or leaks have surfaced. Cisco has yet to release any information indicating when patches will be released.
