Privilege escalation in Web UI in Cisco IOS XE Software
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-12230 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco IOS XE Operating systems & Components / Operating system |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Privilege escalation
EUVDB-ID: #VU8615
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-12230
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the device.
The vulnerability exists due to incorrect default permission settings for new users who are created by using the web UI of the affected software. A remote authenticated attacker can create a new user account with elevated privileges and gain unauthorized access to the affected device.
Update to version 16.2(1.9).
Vulnerable software versionsCisco IOS XE: 16.2.1 - Denali 16.3.1
CPE2.3- cpe:2.3:o:cisco_systems:cisco_ios_xe:16.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xe:Denali_16.3.1:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy83062
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
