US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43


Grandmetric LTD
Office 584b
182-184 High Street North
E6 2JA
+44 20 3321 5276

  • en
  • pl
  • Cisco IOS XE Static Credential Vulnerability (Catalyst Switches, ISR4k and ASR1k Routers)

    Cisco IOS XE Static Credential Vulnerability (Catalyst Switches, ISR4k and ASR1k Routers)

    Date: 09.04.2018


    Cisco has stated that there is a vulnerability in Cisco IOS XE 16.X version (bug does not affect releases prior IOS XE 16.X)  that allows remote attacker to log in to the system with privilege 15 with default username cisco. This bug affects the platforms supported by IOS XE software, inter alia following:


    • Catalyst 9500, 9300 switches
    • Catalyst 3650, 3850 switches
    • ISR 4200, 4300, 4400 routers
    • ASR 1000 routers
    • ISRv, CSR1000v


    If you have one of these and show version displays the following output:

    router# show version
    --- output omitted ---- (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1

    Immediately upgrade the system or use the workaround.


    Possible direct workarounds:

    • delete an account by issuing no username cisco command in configuration mode
    • change the password for cisco user
    • to upgrade the IOS XE version to get rid of this vulnerability check the bug toolkit


    Affected releases (as of 10 April 2018):
    • 16.5.1
    • Everest-16.5.1

    Known fixed releases (as of 10 April 2018):

    • Everest-16.6.1
    • Everest-16.6.1a
    • Everest-16.5.2
    • 16.7(0.78)
    • 16.6.1
    • 16.6.1a
    • 16.6(0.238)
    • 16.5.2
    • 16.5(1.67)


    The vulnerability is described as critical and received score 9.8:

    • The Cisco bug id is: CSCve89880
    • CVSS score: 9.8
    • Vulnerability: CVE-2018-0150







    Grandmetric is an IT Next Generation Systems integration company helping clients with their IT transformation, infrastructure automation, LAN, WiFi, SD-WAN & SDN delivery. Fast growing Grandmetric team is becoming also a referal point in Cloud migrations and DC Stack management with their Storage, OS and virtualization experience. Grandmetric provides technical insights along with technical trainings in areas of expertise. Latest projects cover also IoT subjects R&D in the area of IoT backend development, big data analysis and monitoring. Based on above experience in production systems maintenance, new division – Grandmetric Managed Services (GMS) maintaining IT infrastructure of corporates & globally present customers is available for demanding IT environments.

    Leave a Reply

    Your email address will not be published. Required fields are marked *