CVE-2013-5522

Name of the Vulnerable Software and Affected Versions Cisco IOS on Catalyst 3750X switches (affected versions not specified)

Description A vulnerability exists due to default Service Module credentials, allowing local users to gain privileges via a Service Module login. This issue makes it easier for an authenticated, local attacker to gain root access to the kernel running on the Cisco Service Module by logging in using the default credentials. An exploit could allow the attacker to take complete control of the operating system running on the service module. The vulnerability can be exploited by an attacker with local access to a targeted device, which may reside on trusted, internal networks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.