#Cisco ios xe Patch
The patch for CVE-2018-0150 is one of the 22 security updates the networking software giant published yesterday. The account grants the attacker a " privilege level 15 access," a term used to describe high-privileged accounts. This "backdoor" vulnerability ( CVE-2018-0150) is considered critical and has a severity score of 9.8 out of 10.Īttackers can log into this account remotely, and don't necessarily need physical access to the device. If they'd like to keep the accunt, admins can also log into their device via their regular admin user and utilize that account to change the cisco's account default password with one of their own choosing. If patching is not possible, mitigations existīesides the software patches made available on the Cisco customer portal, device admins can remove the account by typing: no username cisco Since this account only affects v16.x versions and uses the company's name for the username, this appears to have been accidentally left over from IOS XE's development or testing phase. The company says the "undocumented user account" only impacts devices running Cisco XE Software 16.x -an operating system deployed mostly with Cisco ASR routers and Catalyst switches.Ĭisco says devices running IOS XE 16.x come with a hidden default account named "cisco," and a static password that Cisco didn't reveal to avoid future exploitation attempts.Ĭisco devices don't usually come with default accounts, and network admins must set up an account during the device's first boot-up. Cisco removed today a backdoor account from its IOS XE operating system that would have allowed a remote attacker to log into Cisco routers and switches with a high-privileged account.