CVE-2018-15439

CRITICAL

Cisco Sg200-50 Firmware - Hard-coded Credentials

Title source: rule

Description

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cpi_runrshell_priv_esc.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105873

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc

Scores

CVSS v3 9.8

EPSS 0.5075

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (50)

cisco/sf200-24_firmware

cisco/sf200-24fp_firmware

cisco/sf200-24p_firmware

cisco/sf200-48_firmware

cisco/sf200-48p_firmware

cisco/sf250-24_firmware

cisco/sf250-24p_firmware

cisco/sf250-48_firmware

cisco/sf250-48hp_firmware

cisco/sf300-08_firmware

... and 40 more

Published Nov 08, 2018

Tracked Since Feb 18, 2026