Patch/Configuration Management, Vulnerability Management

Critical vulnerability issued for Cisco switches

Cisco has revealed a critical-rated vulnerability in its small business switches software that if exploited can allow a remote attacker to bypass the device’s user authentication mechanism.

The vulnerability in version of the Cisco software exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights, the company said in an advisory.

The products involved are the:

  • Cisco Small Business 200 Series Smart Switches
  • Cisco Small Business 300 Series Managed Switches
  • Cisco Small Business 500 Series Stackable Managed Switches
  • Cisco 250 Series Smart Switches
  • Cisco 350 Series Managed Switches
  • Cisco 350X Series Stackable Managed Switches
  • Cisco 550X Series Stackable Managed Switches

At this time there is no patch available, but Cisco has issued a workaround.

“The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration,” the company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.