Main Vulnerability Database SB2018020811

SB2018020811 - Security restrictions bypass in Cisco IOS/IOS XE

Published: February 8, 2018

Security Bulletin ID SB2018020811

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2018-0123)

The vulnerability allows a local attacker to bypass security restrictions and modify data on the target system.

The weakness exists in the diagnostic shell for Cisco IOS and IOS XE Software due to lack of proper input validation for certain diagnostic shell commands. A local attacker can authenticate to the device, enter the diagnostic shell, provide a specially crafted input to commands at the local diagnostic shell CLI and overwrite system files that should be restricted.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ios