#VU51734 Improper Privilege Management in Cisco Systems, Inc Operating systems & Components
Vulnerability identifier: #VU51734
Vulnerability risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-269
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Cisco ASR 1000 Series Aggregation Services Routers
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco Cloud Services Router 1000V Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco 4000 Series Integrated Services Routers
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco 1000 Series Integrated Services Routers
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Cisco IOS XE
Operating systems & Components /
Operating system
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management within the role-based access control of Cisco IOS XE SD-WAN Software. A local user with read-only privileges can obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration.
Successful exploitation of the vulnerability may allow a user with read-only permissions to access administrative privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco ASR 1000 Series Aggregation Services Routers: All versions
Cisco Cloud Services Router 1000V Series: All versions
Cisco 4000 Series Integrated Services Routers: All versions
Cisco 1000 Series Integrated Services Routers: All versions
Cisco IOS XE: 17.2.1r - 17.2.1v
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-esc-rSNVvTf9
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv43400
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
