| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Cisco IOS XE up to 16.x. It has been declared as critical. This affects an unknown function. Executing a manipulation can lead to hard-coded credentials. This vulnerability is handled as CVE-2018-0150. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability classified as critical was found in Cisco IOS XE up to 16.x (Router Operating System). This vulnerability affects some unknown processing. The manipulation with an unknown input leads to a hard-coded credentials vulnerability. The CWE definition for the vulnerability is CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880.
The bug was discovered 03/28/2018. The weakness was released 03/28/2018 with Cisco as cisco-sa-20180328-xesc as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2018-0150 since 11/27/2017. The attack can be initiated remotely. Required for exploitation is a single authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1110.001.
The vulnerability scanner Nessus provides a plugin with the ID 108724 (Cisco IOS XE Software Static Credential Vulnerability), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316204 (Cisco IOS XE Software Static Credential Vulnerability(cisco-sa-20180328-xesc)-Deprecated).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (108724) and SecurityFocus (BID 103539†). Entry connected to this vulnerability is available at VDB-115158. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.5VulDB Meta Temp Score: 8.4
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Hard-coded credentialsCWE: CWE-798 / CWE-259 / CWE-255
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 108724
Nessus Name: Cisco IOS XE Software Static Credential Vulnerability
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
11/27/2017 🔍03/28/2018 🔍
03/28/2018 🔍
03/28/2018 🔍
03/28/2018 🔍
03/28/2018 🔍
03/29/2018 🔍
03/29/2018 🔍
02/06/2021 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20180328-xesc
Researcher: Cisco
Organization: Cisco
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2018-0150 (🔍)
GCVE (CVE): GCVE-0-2018-0150
GCVE (VulDB): GCVE-100-115156
OVAL: 🔍
SecurityFocus: 103539 - Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
SecurityTracker: 1040579
scip Labs: https://www.scip.ch/en/?labs.20150108
See also: 🔍
Entry
Created: 03/29/2018 09:14Updated: 02/06/2021 10:51
Changes: 03/29/2018 09:14 (73), 01/17/2020 16:01 (6), 02/06/2021 10:46 (2), 02/06/2021 10:51 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.