A critical and unpatched vulnerability in Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device and therefore the network. The vulnerability (CVE-2018-15439) has a critical base CVSS severity rating of 9.8. The default configuration on the devices includes a default, privileged user account that is used for the initial login and cannot be removed from the system. There's no patch to address the vulnerability, though one is expected at some point in the future, Cisco said.
Source: https://threatpost.com/critical-unpatched-cisco-flaw/141010/