SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco IOS Vendors:   Cisco
Cisco IOS XE Default Credentials Let Remote Users Access the Target System
SecurityTracker Alert ID:  1040579
SecurityTracker URL:  http://securitytracker.com/id/1040579
CVE Reference:   CVE-2018-0150   (Links to External Site)
Date:  Mar 28 2018
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IOS XE 16.x
Description:   A vulnerability was reported in Cisco IOS XE. A remote user can gain access to the target system.

The system includes an undocumented user account with a default username and password. A remote user can use these credentials to gain access to the target system with level 15 privileges.

The vendor has assigned bug ID CSCve89880 to this vulnerability.

Impact:   A remote user can gain access to the target system with level 15 privileges.
Solution:   The vendor has issued a fix.

As a workaround, the 'no username cisco' command can be applied in the device configuration to remove the account, or the password for the 'cisco' user account can be changed.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC