Critical vulnerability issued for Cisco switches

[ JAN 24, 2019 ]

Cisco has revealed a critical-rated vulnerability in the software for its small business switches that, if exploited, can allow a remote attacker to bypass the device’s user authentication mechanism.

The vulnerability in version 1.4.9.04 of the Cisco software exists because, under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights, the company said in an advisory.

The products involved are:

    Cisco Small Business 200 Series Smart Switches

    Cisco Small Business 300 Series Managed Switches

    Cisco Small Business 500 Series Stackable Managed Switches

    Cisco 250 Series Smart Switches

    Cisco 350 Series Managed Switches

    Cisco 350X Series Stackable Managed Switches

    Cisco 550X Series Stackable Managed Switches

Cyber Security Tips:

At this time there is no patch available, but Cisco has issued a workaround.

“The workaround consists of adding at least one user account with access privilege set to level 15 in the device configuration,” the company said.
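To confirm the workaround across a fleet, exported switch configurations can be checked for at least one level 15 account. The script below is an added example, not code from Cisco or from this post; it assumes user accounts appear as `username <name> ... privilege <level>` lines in the exported configuration, and the sample configurations and hash placeholders are constructed.

```python
import re

# Assumed line form: "username <name> ... privilege <level>", with the
# password clause either before or after the privilege clause.
USER_RE = re.compile(r"^\s*username\s+(\S+)\s*(.*)$", re.IGNORECASE)
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b", re.IGNORECASE)

# Constructed sample configurations (not taken from real devices).
SAMPLE_OK = """
hostname sw-floor2
username admin password encrypted CONSTRUCTED_HASH_A privilege 15
username monitor password encrypted CONSTRUCTED_HASH_B privilege 1
"""
SAMPLE_MISSING = """
hostname sw-lab
! only a read-only account is defined
username monitor password encrypted CONSTRUCTED_HASH_B privilege 1
"""

def level15_users(config_text):
    """Return the names of accounts configured with privilege level 15."""
    users = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):  # skip blanks and comments
            continue
        m = USER_RE.match(line)  # "no username ..." lines do not match
        if not m:
            continue
        priv = PRIV_RE.search(m.group(2))
        # A username line without an explicit privilege clause is not counted.
        if priv and int(priv.group(1)) == 15:
            users.append(m.group(1))
    return users

def workaround_applied(config_text):
    """True when at least one level 15 account is configured."""
    return bool(level15_users(config_text))

def audit(configs):
    """Map each device name to whether its config satisfies the workaround."""
    return {name: workaround_applied(text) for name, text in configs.items()}

if __name__ == "__main__":
    report = audit({"sw-floor2": SAMPLE_OK, "sw-lab": SAMPLE_MISSING})
    for device, ok in sorted(report.items()):
        print(f"{device}: {'level 15 account present' if ok else 'NO level 15 account'}")
```

Devices reported without a level 15 account are the ones that still need the workaround applied.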


 
