Main Vulnerability Database Vulnerabilities #VU8687

#VU8687 Security restrictions bypass in Cisco IOS XE - CVE-2017-12239

Published: October 4, 2017

Vulnerability identifier: #VU8687

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-12239

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows an unauthenticated, physical attacker to bypass security restrictions on the target system.

The weakness exists due to an engineering console port is available on the motherboard. An attacker can physically connect to the console port on the line card, bypass security restrictions and gain full access to the affected device's operating system.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc

#VU8687 Security restrictions bypass in Cisco IOS XE - CVE-2017-12239

Description

Remediation

External links

Please verify you're human