cbcvebase.
CVE-2018-15439
published 2018-11-08

CVE-2018-15439: A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an…

PriorityP183critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
49.74%
98.8th percentile
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscocisco_small_business_300_series_managed_switches
ciscosmall_business_switches

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability enables a hidden privileged user account on affected Cisco Small Business Switches; monitor for unexpected or undocumented admin-level user account logins on these devices.
  • Detect unauthenticated remote login attempts using a privileged account on Cisco Small Business Switches, particularly any session achieving full admin rights without prior credential provisioning.
  • Track Cisco bug IDs CSCvk20713 and CSCvm11846 for patch availability and affected firmware versions to prioritize vulnerable asset identification.
  • ·No software fix was available at time of advisory publication; a workaround exists and should be applied. Monitor the advisory for updated fixed software information.
  • ·The hidden privileged account is only enabled under specific circumstances; defenders should review those conditions (detailed in the advisory) to assess exposure.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.