Vulnerability Description
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | 16.5.1 |
| Cisco | 4431 Integrated Services Router | - |
| Cisco | 4451 Integrated Services Router | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103539Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040579MitigationThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2MitigationVendor Advisory
- http://www.securityfocus.com/bid/103539Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040579MitigationThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2MitigationVendor Advisory
FAQ
What is CVE-2018-0150?
CVE-2018-0150 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and passwo...
How severe is CVE-2018-0150?
CVE-2018-0150 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-0150?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco 4431 Integrated Services Router, Cisco 4451 Integrated Services Router.