Remote Access Vulnerability in Cisco Small Business Switches | SAT News

Last week a vulnerability was discovered in Cisco devices, such as the Small Business 200 series which equips users with a default admin account and password. This ‘feature’ could allow unauthorized remote access to the network, where the attacker has admin rights.

This vulnerability (CVE-2018-15439) resides in the following Cisco products:

 

Small Business 200 Series Smart Switches

300 Series Managed Switches

250 Series Smart Switches

500 Series Stackable Managed Switches

350 Series Managed Switches

350X Series Stackable Managed Switches

550X Series Stackable Managed Switches

 

Although an update has not been released, Cisco has advised users to have one level 15 privilege account configured at all times. This will keep the default account deactivated. Additional measures include defining the password, replacing ‘strong_password’ with a stronger, modified password.