Cisco Backdoor Account & Other Critical Vulnerabilities

Hello,

Very recently Cisco announced 3 "critical risk" and numerous other "high risk" vulnerabilities. One
of those vulnerabilities affect IOS XE devices which come with a default pre-configured privileged account which if known could grant easy access to the device by an attacker. Some sources say that this made its way by mistake from testing environment and wasn't removed by the developers before publishing the IOS XE image.
Below is a comprehensive table listing the vulnerabilities alongside their risk level and CVE reference. The affected platforms includes ISR4000, ASR900, ASR1000, Catalyst 3650/3850, Routers 2900, etc...

VulnerabilityRiskCVE
Cisco IOS XE Software Static Credential VulnerabilityCriticalCVE-2018-0150
Cisco IOS and IOS XE Software Quality of Service Remote Code Execution VulnerabilityCriticalCVE-2018-0151
Cisco IOS and IOS XE Software Smart Install Remote Code Execution VulnerabilityCriticalCVE-2018-0171
Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service VulnerabilityHighCVE-2018-0174
Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service VulnerabilityHighCVE-2018-0173
Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service VulnerabilityHighCVE-2018-0172
Cisco IOS Software Integrated Services Module for VPN Denial of Service VulnerabilityHighCVE-2018-0154
Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service VulnerabilityHighCVE-2018-0160
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service VulnerabilityHighCVE-2018-0159
Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service VulnerabilityHighCVE-2018-0170
Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow VulnerabilitiesHighCVE-2018-0167
CVE-2018-0175
Cisco IOS XE Software User EXEC Mode Root Shell Access VulnerabilitiesHighCVE-2018-0169
CVE-2018-0176
Cisco IOS XE Software Internet Group Management Protocol Memory Leak VulnerabilityHighCVE-2018-0165
Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service VulnerabilityHighCVE-2018-0155
Cisco IOS and IOS XE Software Smart Install Denial of Service VulnerabilityHighCVE-2018-0156
Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service VulnerabilityHighCVE-2018-0177
Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak VulnerabilityHighCVE-2018-0158
Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service VulnerabilityHighCVE-2018-0157
Cisco IOS XE Software Web UI Remote Access Privilege Escalation VulnerabilityHighCVE-2018-0152
Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service VulnerabilityHighCVE-2018-0161



Latest
Previous
Next Post »

10 comments

Write comments