CVE-2018-15439

CRITICAL

Cisco Small Business Switches - Unauthenticated Bypass via Hard-coded Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15439. Includes Metasploit module exploits/linux/local/cpi_runrshell_priv_esc.

AI-analyzed exploit summary This Metasploit module exploits a privilege escalation vulnerability in Cisco Prime Infrastructure's runrshell binary by injecting commands into the argument, allowing execution as root. It uploads a payload, sets it as executable, and executes it with elevated privileges.

Description

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cpi_runrshell_priv_esc.rb

View Code ZIP pw:eip

This Metasploit module exploits a privilege escalation vulnerability in Cisco Prime Infrastructure's runrshell binary by injecting commands into the argument, allowing execution as root. It uploads a payload, sets it as executable, and executes it with elevated privileges.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Cisco Prime Infrastructure 3.4.0

Auth required

Prerequisites: Access to a shell or meterpreter session on the target · Write permissions in a directory (default: /tmp)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105873

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc

Scores

CVSS v3 9.8

EPSS 0.4974

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Products (50)

cisco/sf200-24_firmware

cisco/sf200-24fp_firmware

cisco/sf200-24p_firmware

cisco/sf200-48_firmware

cisco/sf200-48p_firmware

cisco/sf250-24_firmware

cisco/sf250-24p_firmware

cisco/sf250-48_firmware

cisco/sf250-48hp_firmware

cisco/sf300-08_firmware

... and 40 more

Published Nov 08, 2018

Tracked Since Feb 18, 2026