Preview Tool

Cisco Bug: CSCve89880 - Cisco IOS XE Software Static Credential Vulnerability

Last Modified

May 05, 2020

Products (1)

  • Cisco 4000 Series Integrated Services Routers

Known Affected Releases

16.5.1 Everest-16.5.1

Description (partial)

A vulnerability in the Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to the device running an affected version of Cisco IOS XE Software with the default username and password when there is no startup configuration on the router or a write erase followed by a reload. This account allows privilege level 15 access.

The vulnerability is due to an undocumented user account that has a default username and password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the device using the default user account with privilege level 15 access.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:

This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software.

To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on at the following link:

This problem can be seen when the router boots without a startup-config file or the user has performed a write erase followed by reload without saving any configs.

Related Community Discussions

<key>CSCve89880</key> Trying To Test Vulnerability
Does anyone know the default username &amp; password on IOS XE devices? According to the advisory I have a few affected devices in my environment &amp; I would like to do a proof of concept to see if I can access the affected devices like the advisory is stating that can be done. Google searches for Default Cisco IOS XE username &amp; passwords don't produce anything.     Summary A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected ...
Latest activity: Apr 09, 2018
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.