9.3
CVSSv2

CVE-2018-15439

Published: 08/11/2018 Updated: 28/08/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote malicious user to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco sg200-50_firmware -

cisco sg200-50p_firmware -

cisco sg200-50fp_firmware -

cisco sg200-26_firmware -

cisco sg200-26p_firmware -

cisco sg200-26fp_firmware -

cisco sg200-18_firmware -

cisco sg200-10fp_firmware -

cisco sg200-08_firmware -

cisco sg200-08p_firmware -

cisco sf200-24_firmware -

cisco sf200-24p_firmware -

cisco sf200-24fp_firmware -

cisco sf200-48_firmware -

cisco sf200-48p_firmware -

cisco sf302-08pp_firmware -

cisco sf302-08mpp_firmware -

cisco sg300-10pp_firmware -

cisco sg300-10mpp_firmware -

cisco sf300-24pp_firmware -

cisco sf300-48pp_firmware -

cisco sg300-28pp_firmware -

cisco sf300-08_firmware -

cisco sf300-48p_firmware -

cisco sg300-10mp_firmware -

cisco sg300-10p_firmware -

cisco sg300-10_firmware -

cisco sg300-28p_firmware -

cisco sf300-24p_firmware -

cisco sf302-08mp_firmware -

cisco sg300-28_firmware -

cisco sf300-48_firmware -

cisco sg300-20_firmware -

cisco sf302-08p_firmware -

cisco sg300-52_firmware -

cisco sf300-24_firmware -

cisco sf302-08_firmware -

cisco sf300-24mp_firmware -

cisco sg300-10sfp_firmware -

cisco sg300-28mp_firmware -

cisco sg300-52p_firmware -

cisco sg300-52mp_firmware -

cisco sg500-28mpp_firmware -

cisco sg500-52mp_firmware -

cisco sg500xg-8f8t_firmware -

cisco sf500-24_firmware -

cisco sf500-24p_firmware -

cisco sf500-48_firmware -

cisco sf500-48p_firmware -

cisco sg500-28_firmware -

cisco sg500-28p_firmware -

cisco sg500-52_firmware -

cisco sg500-52p_firmware -

cisco sg500x-24_firmware -

cisco sg500x-24p_firmware -

cisco sg500x-48_firmware -

cisco sg500x-48p_firmware -

cisco sg250x-24_firmware -

cisco sg250x-24p_firmware -

cisco sg250x-48_firmware -

cisco sg250x-48p_firmware -

cisco sg250-08_firmware -

cisco sg250-08hp_firmware -

cisco sg250-10p_firmware -

cisco sg250-18_firmware -

cisco sg250-26_firmware -

cisco sg250-26hp_firmware -

cisco sg250-26p_firmware -

cisco sg250-50_firmware -

cisco sg250-50hp_firmware -

cisco sg250-50p_firmware -

cisco sf250-24_firmware -

cisco sf250-24p_firmware -

cisco sf250-48_firmware -

cisco sf250-48hp_firmware -

cisco sg350-10_firmware -

cisco sg350-10p_firmware -

cisco sg350-10mp_firmware -

cisco sg355-10p_firmware -

cisco sg350-28_firmware -

cisco sg350-28p_firmware -

cisco sg350-28mp_firmware -

cisco sf350-48_firmware -

cisco sf350-48p_firmware -

cisco sf350-48mp_firmware -

cisco sg350xg-2f10_firmware -

cisco sg350xg-24f_firmware -

cisco sg350xg-24t_firmware -

cisco sg350xg-48t_firmware -

cisco sg350x-24_firmware -

cisco sg350x-24p_firmware -

cisco sg350x-24mp_firmware -

cisco sg350x-48_firmware -

cisco sg350x-48p_firmware -

cisco sg350x-48mp_firmware -

cisco sx550x-16ft_firmware -

cisco sx550x-24ft_firmware -

cisco sx550x-12f_firmware -

cisco sx550x-24f_firmware -

cisco sx550x-24_firmware -

cisco sx550x-52_firmware -

cisco sg550x-24_firmware -

cisco sg550x-24p_firmware -

cisco sg550x-24mp_firmware -

cisco sg550x-24mpp_firmware -

cisco sg550x-48_firmware -

cisco sg550x-48p_firmware -

cisco sg550x-48mp_firmware -

cisco sf550x-24_firmware -

cisco sf550x-24p_firmware -

cisco sf550x-24mp_firmware -

cisco sf550x-48_firmware -

cisco sf550x-48p_firmware -

cisco sf550x-48mp_firmware -

Vendor Advisories

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system An att ...

Recent Articles

Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
Threatpost • Tara Seals • 18 Jan 2019

A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device – and therefore the network.
Cisco Small Business Switches were developed for small office and home office (SOHO) environments, to manage and control small local area networks with no more than a handful of workstations. They come in cloud-based, managed and unmanaged “flavors,”...

Cisco Accidentally Released Dirty Cow Exploit Code in Software
Threatpost • Lindsey O'Donnell • 08 Nov 2018

Cisco Systems revealed in a security bulletin Wednesday that it “inadvertently” shipped in-house exploit code that was used in security tests of scripts as part of its TelePresence Video Communication Server and Expressway Series software. The code exploits the Dirty Cow vulnerability (CVE-2016-5195), a well-known privilege escalation vulnerability in the Linux Kernel, which came to light in 2016.
The code was used internally by Cisco in validation scripts to be included in shippin...