Main Vulnerability Database SB2017092805

SB2017092805 - Privilege escalation in Web UI in Cisco IOS XE Software

Published: September 28, 2017

Security Bulletin ID SB2017092805

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2017-12230)

The vulnerability allows a remote attacker to escalate privileges on the device.

The vulnerability exists due to incorrect default permission settings for new users who are created by using the web UI of the affected software. A remote authenticated attacker can create a new user account with elevated privileges and gain unauthorized access to the affected device.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy83062