BDU:2018-01451

BDU

Critical

Уязвимость микропрограммного обеспечения сетевых устройств Cisco Small Business связана с использованием предустановленных учетных данных. …

CVSS

9.8

Critical

EPSS

0.00

Published

2018-01-01

Updated

2018-01-01

Description

Уязвимость микропрограммного обеспечения сетевых устройств Cisco Small Business связана с использованием предустановленных учетных данных. Уязвимость может позволить нарушителю, действующему удаленно, обойти процедуру аутентификации и выполнить произвольные команды с привилегиями администратора

Tags · CWE

Pre-auth

Affected products

Cisco systems inc. Cisco 250 series smart switchesCisco systems inc. Cisco 350 series managed switchesCisco systems inc. Cisco 350x series stackable managed switchesCisco systems inc. Cisco 550x series stackable managed switchesCisco systems inc. Cisco small business 200 series smart switchesCisco systems inc. Cisco small business 300 series managed switchesCisco systems inc. Cisco small business 500 series stackable managed switches

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
cisco 250 series smart switches	cisco systems inc.	Tracked
cisco 350 series managed switches	cisco systems inc.	Tracked
cisco 350x series stackable managed switches	cisco systems inc.	Tracked
cisco 550x series stackable managed switches	cisco systems inc.	Tracked
cisco small business 200 series smart switches	cisco systems inc.	Tracked
cisco small business 300 series managed switches	cisco systems inc.	Tracked
cisco small business 500 series stackable managed switches	cisco systems inc.	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2018-15439

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15439@http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20181107-sbsw-privacc.html@https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc