#VU8615 Privilege escalation in Cisco IOS XE - CVE-2017-12230

Cybersecurity Help s.r.o.

Published: 2017-09-27 | Updated: 2017-09-28

Vulnerability identifier: #VU8615

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-12230

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco IOS XE
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote attacker to escalate privileges on the device.

The vulnerability exists due to incorrect default permission settings for new users who are created by using the web UI of the affected software. A remote authenticated attacker can create a new user account with elevated privileges and gain unauthorized access to the affected device.

Mitigation
Update to version 16.2(1.9).

Vulnerable software versions

Cisco IOS XE: Denali 16.3.1, 16.2.1

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy83062

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in Web UI in Cisco IOS XE Software