#VU8687 Security restrictions bypass in Cisco IOS XE
Vulnerability identifier: #VU8687
Vulnerability risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Cisco IOS XE
Operating systems & Components /
Operating system
Vendor: Cisco Systems, Inc
Description
The vulnerability allows an unauthenticated, physical attacker to bypass security restrictions on the target system.
The weakness exists due to an engineering console port is available on the motherboard. An attacker can physically connect to the console port on the line card, bypass security restrictions and gain full access to the affected device's operating system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Cisco IOS XE: 3.16 - 16.4.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
