Lucene search

CiscoCISCO-SA-20180328-XESC

HistoryMar 28, 2018 - 4:00 p.m.

Cisco IOS XE Software Static Credential Vulnerability

2018-03-2816:00:00

tools.cisco.com

0.004 Low

EPSS

Percentile

72.6%

JSON

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.

The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].

Affected configurations

Vulners

Node

ciscorvs4000_softwareMatch3.2sg

ciscorvs4000_softwareMatch3.4sg

ciscorvs4000_softwareMatch3.13s

ciscorvs4000_softwareMatch3.14s

ciscorvs4000_softwareMatch16.3

ciscorvs4000_softwareMatch16.4

ciscorvs4000_softwareMatch16.5

ciscorvs4000_softwareMatch16.6

ciscorvs4000_softwareMatch16.7

ciscorvs4000_softwareMatch16.8

ciscorvs4000_softwareMatch16.9

ciscorvs4000_softwareMatch3.2.9sg

ciscorvs4000_softwareMatch3.4.5sg

ciscorvs4000_softwareMatch3.4.6sg

ciscorvs4000_softwareMatch3.13.1s

ciscorvs4000_softwareMatch3.14.0s

ciscorvs4000_softwareMatch16.3.1

ciscorvs4000_softwareMatch16.3.2

ciscorvs4000_softwareMatch16.3.3

ciscorvs4000_softwareMatch16.3.1a

ciscorvs4000_softwareMatch16.3.4

ciscorvs4000_softwareMatch16.3.5

ciscorvs4000_softwareMatch16.3.5b

ciscorvs4000_softwareMatch16.3.6

ciscorvs4000_softwareMatch16.3.7

ciscorvs4000_softwareMatch16.4.1

ciscorvs4000_softwareMatch16.4.2

ciscorvs4000_softwareMatch16.4.3

ciscorvs4000_softwareMatch16.5.1

ciscorvs4000_softwareMatch16.5.1a

ciscorvs4000_softwareMatch16.5.1b

ciscorvs4000_softwareMatch16.5.2

ciscorvs4000_softwareMatch16.5.3

ciscorvs4000_softwareMatch16.6.1

ciscorvs4000_softwareMatch16.6.2

ciscorvs4000_softwareMatch16.6.3

ciscorvs4000_softwareMatch16.6.4

ciscorvs4000_softwareMatch16.6.4s

ciscorvs4000_softwareMatch16.7.1

ciscorvs4000_softwareMatch16.7.1a

ciscorvs4000_softwareMatch16.7.1b

ciscorvs4000_softwareMatch16.7.2

ciscorvs4000_softwareMatch16.7.4

ciscorvs4000_softwareMatch16.8.1

ciscorvs4000_softwareMatch16.8.1a

ciscorvs4000_softwareMatch16.8.1b

ciscorvs4000_softwareMatch16.8.1s

ciscorvs4000_softwareMatch16.8.1c

ciscorvs4000_softwareMatch16.8.3

ciscorvs4000_softwareMatch16.9.1

ciscorvs4000_softwareMatch16.9.3h

CPENameOperatorVersion
cisco ios xe softwareeq3.2SG
cisco ios xe softwareeq3.4SG
cisco ios xe softwareeq3.13S
cisco ios xe softwareeq3.14S
cisco ios xe softwareeq16.3
cisco ios xe softwareeq16.4
cisco ios xe softwareeq16.5
cisco ios xe softwareeq16.6
cisco ios xe softwareeq16.7
cisco ios xe softwareeq16.8

Name	Operator	Version
cisco ios xe software	eq	3.2SG
cisco ios xe software	eq	3.4SG
cisco ios xe software	eq	3.13S
cisco ios xe software	eq	3.14S
cisco ios xe software	eq	16.3
cisco ios xe software	eq	16.4
cisco ios xe software	eq	16.5
cisco ios xe software	eq	16.6
cisco ios xe software	eq	16.7
cisco ios xe software	eq	16.8