CVE-2018-15439

Name of the Vulnerable Software and Affected Versions Cisco Small Business Switches (affected versions not specified)

Description A vulnerability in the software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The issue exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this by using this account to log in to an affected device and execute commands with full admin rights. The vulnerability is also related to the use of pre-installed credentials, which could allow a remote attacker to bypass authentication and execute arbitrary commands with administrator privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the device and disabling any unused privileged accounts to minimize the risk of exploitation.