CVE-2018-15439

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICAL

EPSS

50.7%

top 2.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Small Business 300 Series Managed Switches

Timeline

PublishedNov 8

Latest updateMay 13

Description

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has no…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5cisco/cisco_small_business_300_series_managed_switchesn/a

🔴Vulnerability Details

GHSA

GHSA-3f6c-mv48-pf3v: A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechan↗2022-05-13

▶

CVEList

Cisco Small Business Switches Privileged Access Vulnerability↗2018-11-08

▶

📋Vendor Advisories

Cisco

Cisco Small Business Switches Privileged Access Vulnerability↗2018-11-07

▶