Lucene search

K
ciscoCiscoCISCO-SA-20180328-XESC
HistoryMar 28, 2018 - 4:00 p.m.

Cisco IOS XE Software Static Credential Vulnerability

2018-03-2816:00:00
tools.cisco.com
82

EPSS

0.004

Percentile

72.5%

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.

The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].

Affected configurations

Vulners
Node
ciscocisco_ios_xe_softwareMatch3.2sg
OR
ciscocisco_ios_xe_softwareMatch3.4sg
OR
ciscocisco_ios_xe_softwareMatch3.13s
OR
ciscocisco_ios_xe_softwareMatch3.14s
OR
ciscocisco_ios_xe_softwareMatch16.3
OR
ciscocisco_ios_xe_softwareMatch16.4
OR
ciscocisco_ios_xe_softwareMatch16.5
OR
ciscocisco_ios_xe_softwareMatch16.6
OR
ciscocisco_ios_xe_softwareMatch16.7
OR
ciscocisco_ios_xe_softwareMatch16.8
OR
ciscocisco_ios_xe_softwareMatch16.9
OR
ciscocisco_ios_xe_softwareMatch3.2.9sg
OR
ciscocisco_ios_xe_softwareMatch3.4.5sg
OR
ciscocisco_ios_xe_softwareMatch3.4.6sg
OR
ciscocisco_ios_xe_softwareMatch3.13.1s
OR
ciscocisco_ios_xe_softwareMatch3.14.0s
OR
ciscocisco_ios_xe_softwareMatch16.3.1
OR
ciscocisco_ios_xe_softwareMatch16.3.2
OR
ciscocisco_ios_xe_softwareMatch16.3.3
OR
ciscocisco_ios_xe_softwareMatch16.3.1a
OR
ciscocisco_ios_xe_softwareMatch16.3.4
OR
ciscocisco_ios_xe_softwareMatch16.3.5
OR
ciscocisco_ios_xe_softwareMatch16.3.5b
OR
ciscocisco_ios_xe_softwareMatch16.3.6
OR
ciscocisco_ios_xe_softwareMatch16.3.7
OR
ciscocisco_ios_xe_softwareMatch16.4.1
OR
ciscocisco_ios_xe_softwareMatch16.4.2
OR
ciscocisco_ios_xe_softwareMatch16.4.3
OR
ciscocisco_ios_xe_softwareMatch16.5.1
OR
ciscocisco_ios_xe_softwareMatch16.5.1a
OR
ciscocisco_ios_xe_softwareMatch16.5.1b
OR
ciscocisco_ios_xe_softwareMatch16.5.2
OR
ciscocisco_ios_xe_softwareMatch16.5.3
OR
ciscocisco_ios_xe_softwareMatch16.6.1
OR
ciscocisco_ios_xe_softwareMatch16.6.2
OR
ciscocisco_ios_xe_softwareMatch16.6.3
OR
ciscocisco_ios_xe_softwareMatch16.6.4
OR
ciscocisco_ios_xe_softwareMatch16.6.4s
OR
ciscocisco_ios_xe_softwareMatch16.7.1
OR
ciscocisco_ios_xe_softwareMatch16.7.1a
OR
ciscocisco_ios_xe_softwareMatch16.7.1b
OR
ciscocisco_ios_xe_softwareMatch16.7.2
OR
ciscocisco_ios_xe_softwareMatch16.7.4
OR
ciscocisco_ios_xe_softwareMatch16.8.1
OR
ciscocisco_ios_xe_softwareMatch16.8.1a
OR
ciscocisco_ios_xe_softwareMatch16.8.1b
OR
ciscocisco_ios_xe_softwareMatch16.8.1s
OR
ciscocisco_ios_xe_softwareMatch16.8.1c
OR
ciscocisco_ios_xe_softwareMatch16.8.3
OR
ciscocisco_ios_xe_softwareMatch16.9.1
OR
ciscocisco_ios_xe_softwareMatch16.9.3h
VendorProductVersionCPE
ciscocisco_ios_xe_software3.2sgcpe:2.3:a:cisco:cisco_ios_xe_software:3.2sg:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.4sgcpe:2.3:a:cisco:cisco_ios_xe_software:3.4sg:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.13scpe:2.3:a:cisco:cisco_ios_xe_software:3.13s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software3.14scpe:2.3:a:cisco:cisco_ios_xe_software:3.14s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.3cpe:2.3:a:cisco:cisco_ios_xe_software:16.3:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.4cpe:2.3:a:cisco:cisco_ios_xe_software:16.4:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.5cpe:2.3:a:cisco:cisco_ios_xe_software:16.5:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.6cpe:2.3:a:cisco:cisco_ios_xe_software:16.6:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.7cpe:2.3:a:cisco:cisco_ios_xe_software:16.7:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.8cpe:2.3:a:cisco:cisco_ios_xe_software:16.8:*:*:*:*:*:*:*
Rows per page:
1-10 of 511

EPSS

0.004

Percentile

72.5%

Related for CISCO-SA-20180328-XESC