Cisco Catalyst 3750-X Series Switch Default Credentials Vulnerability

A vulnerability in the Service Module for Cisco Catalyst 3750-X Series Switches could allow an authenticated, local attacker to gain root access to the kernel running on the Cisco Service Module.

The vulnerability is due to default credentials on the Cisco Service Module. An attacker could exploit this vulnerability by logging in using the default credentials. An exploit could allow the attacker to take complete control of the operating system running on the service module.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must have local access to a targeted device, which may reside on trusted, internal networks. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.