How to remove default cisco user from hundreds devices

A vulnerability in the Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to the device running an affected version of Cisco IOS XE Software with the default username and password when there is no startup configuration on the router or a write erase followed by a reload. This account allows privilege level 15 access. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve89880 For removing the default account by issuing the command no username cisco in the device configuration will address this vulnerability. Users can login in to the device and change the default password for this account to address this vulnerability as well.

We will use native tool: Cisco Prime Infrastructure 3.3

Step1. Configure CLI template

Step2. Deploy created template

Deploying template

Step3. When deploying choose devices where you would like to remove default users.

Choosing devices

Step4. Finally check config before the last step deploying

checking config

Step5. Keep or remove options

options

Step6. See what have done.

result

This is very useful when you have more than 10 devices. 

Leave a Reply

Your email address will not be published. Required fields are marked *