Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open


A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device – and therefore the network.

Cisco Small Business Switches were developed for small office and home office (SOHO) environments, to manage and control small local area networks with no more than a handful of workstations. They come in cloud-based, managed and unmanaged “flavors,” and are an affordable (under $300) solution for resource-strapped small businesses.

The vulnerability (CVE-2018-15439), which has a critical base CVSS severity rating of 9.8, exists because the default configuration on the devices includes a default, privileged user account that is used for the initial login and cannot be removed from the system.

Read more…
Source: ThreatPost