{"id":7662,"date":"2018-09-20T07:14:08","date_gmt":"2018-09-20T07:14:08","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=1647"},"modified":"2025-07-09T07:10:19","modified_gmt":"2025-07-09T07:10:19","slug":"cisco-ios-xe-software-static-credential-vulnerability","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/cisco-ios-xe-software-static-credential-vulnerability\/","title":{"rendered":"Cisco IOS XE Software Static Credential Vulnerability"},"content":{"rendered":"<p>Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their\u00a0 IOS XE Software.<\/p>\n<p>The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access.<\/p>\n<p>CVSS Score: Base 9.8 CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:X\/RL:X\/RC:X<\/p>\n<p>Advisory link: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180328-xesc\">https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180328-xesc<\/a><\/p>\n<p><strong>Affected versions<\/strong><\/p>\n<ul>\n<li>Cisco IOS XE 16.5.x version &lt; 16.5.2<\/li>\n<li>Cisco IOS XE 16.6.x version &lt; 16.6.1<\/li>\n<li>Cisco IOS XE running on Integrated Services Virtual Router (ISRv)<\/li>\n<\/ul>\n<p>For Cisco IOS XE realeases running on a Cisco ISRv, refer to <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180328-xesc\">https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180328-xesc<\/a><\/p>\n<p><strong>Unaffected versions<\/strong><\/p>\n<ul>\n<li>Cisco IOS XE version &lt; 16.x<\/li>\n<li>Cisco IOS XE version 16.5.2<\/li>\n<li>Cisco IOS XE version 16.6.1<\/li>\n<\/ul>\n<p><strong>Solution<\/strong><\/p>\n<p>Cisco has provided workarounds to address this vulnerability:<\/p>\n<p>To address this vulnerability, administrators may remove the default account by using the no username cisco command in the device configuration. Administrators may also address this vulnerability by logging in to the device and changing the password for this account.<\/p>\n<p>For the Cisco ISRv, administrators should remove old packages from their datastore and update the ISRv package to prevent a newly-deployed Cisco ISRv from having the default account.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their\u00a0 IOS XE Software. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1652,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[],"class_list":["post-7662","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their\u00a0 IOS XE Software. The\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-20T07:14:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-09T07:10:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their\u00a0 IOS XE Software. The\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minuto\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Cisco IOS XE Software Static Credential Vulnerability\",\"datePublished\":\"2018-09-20T07:14:08+00:00\",\"dateModified\":\"2025-07-09T07:10:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/\"},\"wordCount\":257,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2016\\\/01\\\/notebook-1071777_1920.jpg\",\"articleSection\":[\"Blog\",\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/\",\"name\":\"Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2016\\\/01\\\/notebook-1071777_1920.jpg\",\"datePublished\":\"2018-09-20T07:14:08+00:00\",\"dateModified\":\"2025-07-09T07:10:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2016\\\/01\\\/notebook-1071777_1920.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2016\\\/01\\\/notebook-1071777_1920.jpg\",\"width\":1920,\"height\":1144,\"caption\":\"Laptop with binary code and cityscape background.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/cisco-ios-xe-software-static-credential-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cisco IOS XE Software Static Credential Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS","og_description":"Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their\u00a0 IOS XE Software. The","og_url":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/","og_site_name":"NSFOCUS","article_published_time":"2018-09-20T07:14:08+00:00","article_modified_time":"2025-07-09T07:10:19+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS","twitter_description":"Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their\u00a0 IOS XE Software. The","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"1 minuto"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Cisco IOS XE Software Static Credential Vulnerability","datePublished":"2018-09-20T07:14:08+00:00","dateModified":"2025-07-09T07:10:19+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/"},"wordCount":257,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg","articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/","url":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/","name":"Cisco IOS XE Software Static Credential Vulnerability - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg","datePublished":"2018-09-20T07:14:08+00:00","dateModified":"2025-07-09T07:10:19+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2016\/01\/notebook-1071777_1920.jpg","width":1920,"height":1144,"caption":"Laptop with binary code and cityscape background."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/cisco-ios-xe-software-static-credential-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Cisco IOS XE Software Static Credential Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=7662"}],"version-history":[{"count":1,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7662\/revisions"}],"predecessor-version":[{"id":32626,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7662\/revisions\/32626"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/1652"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=7662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=7662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=7662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}