Vulnerability identifier: #VU51764
Vulnerability risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-489
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Cisco IOS XE (Operating systems & Components / Operating system)
IR1101 Integrated Services Routers (Hardware solutions / Routers & switches, VoIP, GSM, etc)
ESR6300 Embedded Series Routers (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a local attacker to open a debugging console.
The vulnerability exists due to insufficient command authorization restrictions. An attacker with physical access can use specially crafted commands on the hardware platform and access a debugging console.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco IOS XE: Amsterdam 17.1.1
IR1101 Integrated Services Routers: All versions
ESR6300 Embedded Series Routers: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.