Support Portal
By
In, , , , , , , ,
0

Cisco Backdoor Account & Other Critical Vulnerabilities

Data Consult > backdoor > Cisco Backdoor Account & Other Critical Vulnerabilities
DROWN Attack (CVE-2016-0800), Turing Award and Leo’s Oscar

Hello,

Very recently Cisco announced 3 “critical risk” and numerous other “high risk” vulnerabilities. One
of those vulnerabilities affect IOS XE devices which come with a default pre-configured privileged account which if known could grant easy access to the device by an attacker. Some sources say that this made its way by mistake from testing environment and wasn’t removed by the developers before publishing the IOS XE image.
Below is a comprehensive table listing the vulnerabilities alongside their risk level and CVE reference. The affected platforms includes ISR4000, ASR900, ASR1000, Catalyst 3650/3850, Routers 2900, etc…

Vulnerability Risk CVE
Cisco IOS XE Software Static Credential Vulnerability Critical CVE-2018-0150
Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability Critical CVE-2018-0151
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability Critical CVE-2018-0171
Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability High CVE-2018-0174
Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability High CVE-2018-0173
Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability High CVE-2018-0172
Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability High CVE-2018-0154
Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability High CVE-2018-0160
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability High CVE-2018-0159
Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability High CVE-2018-0170
Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities High CVE-2018-0167
CVE-2018-0175
Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities High CVE-2018-0169
CVE-2018-0176
Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability High CVE-2018-0165
Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability High CVE-2018-0155
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability High CVE-2018-0156
Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability High CVE-2018-0177
Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability High CVE-2018-0158
Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability High CVE-2018-0157
Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability High CVE-2018-0152
Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability High CVE-2018-0161

Related Posts

Wi-Fi 6 the last technology in wireless explained Data Consult
July 23, 2020

What is Wi-Fi 6 and why might I need it?

ByIn0
Working from Home
June 17, 2020

Transformation Covid 101 -Lessons learned on managing teams and running daily operations!

ByIn0
Data Consult Transforms Service Delivery and Customer Experience with Oracle
June 13, 2018

Data Consult Transforms Service Delivery and Customer Experience with Oracle

ByIn0