Please Contact Us for questions about the acquisition, product support, or account management.here.
Last week a vulnerability was discovered in Cisco devices, such as the Small Business 200 series which equips users with a default admin account and password. This ‘feature’ could allow unauthorized remote access to the network, where the attacker has admin rights.
This vulnerability (CVE-2018-15439) resides in the following Cisco products:
Small Business 200 Series Smart Switches
300 Series Managed Switches
250 Series Smart Switches
500 Series Stackable Managed Switches
350 Series Managed Switches
350X Series Stackable Managed Switches
550X Series Stackable Managed Switches
Although an update has not been released, Cisco has advised users to have one level 15 privilege account configured at all times. This will keep the default account deactivated. Additional measures include defining the password, replacing ‘strong_password’ with a stronger, modified password.