CVE-2018-0150

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software versions 16.x and later

Description The issue is related to an undocumented user account with a default username and password, allowing an unauthenticated, remote attacker to log in to a device with privilege level 15 access. This account can be exploited to remotely connect to an affected device, potentially granting the attacker full access to the device. The vulnerability affects devices running Cisco IOS XE Software Release 16.x and later.

Recommendations For Cisco IOS XE Software versions 16.x and later, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. As a temporary workaround, consider changing the default username and password for the undocumented user account to prevent exploitation. Restrict access to the device to minimize the risk of exploitation until a patch is applied.