To exploit this vulnerability, an attacker must be able to login using the low-privileged user account. The attacker must have superuser or administrator privilege to exploit this vulnerability. There are no defaults or minimums in level 15 CLI. There are no restrictions on the number of times an attacker can exploit this vulnerability. There is no authentication mechanism for CLI access. The only requirement to exploit this vulnerability is that the attacker is able to login to the CLI of an affected device as a low-privileged user. Cisco IOS XE Software will not prompt a user for CLI access when a user is logged in with a superuser or administrator account. An attacker who can exploit this vulnerability does not need superuser or administrator privileges on the device. This vulnerability has been assigned Common Vulnerability and Exposure Class (CVE) ID: CVE-2018-0149. Cisco has released software updates that address this vulnerability. There are no workarounds. Cisco recommends administrators install these updates as soon as possible. In addition, administrators can monitor for signs of attack such as an increase in login attempts from unknown sources or an increase in CLI access from low-privilege users. For more information about installing and running Cisco IOS XE Software, see the Software Installation and Upgrade Guide
Vulnerable Software and Version Information
The following devices are vulnerable to this vulnerability:
10.2(33)SXH;
10.2(33)SYH;
10.2(33)SZH;
12.0(50)SE9;
12.0(46)SG6;
12.1(14b)T6;
12.1T8-JTR13-13.3-GA-CLI-R7;
15.0(3m,3s,3t,3u,4u)SRE5-STM1-15.5M4; and
15.1(4e)N4X4-STM4-16CFE .
Vulnerable Product Types and Recommendation
This vulnerability affects Cisco IOS XE Software running on all affected devices.
Cisco has released software updates that address this vulnerability. Cisco recommends administrators install these updates as soon as possible. In addition, administrators can monitor for signs of attack such as an increase in login attempts from unknown sources or an increase in CLI access from low-privilege users.
Cisco IOS XR Software
Cisco IOS XR software is affected by a vulnerability that could allow an unauthenticated, remote attacker to gain access to the Low Privileged User (LPU) account, which has superuser privileges on the device.
To exploit this vulnerability, an attacker must be able to login using the low-privileged user account. The attacker must have superuser or administrator privilege to exploit this vulnerability. There are no defaults or minimums in level 15 CLI. There are no restrictions on the number of times an attacker can exploit this vulnerability. There is no authentication mechanism for CLI access. The only requirement to exploit this vulnerability is that the attacker is able to login to the CLI of an affected device as a low-privileged user. Cisco IOS XE Software will not prompt a user for CLI access when a user is logged in with a superuser or administrator account. An attacker who can exploit this vulnerability does not need superuser or administrator privileges on the device.
What to do if you are currently being attacked
If you are currently being attacked, Cisco recommends that the following actions be taken:
Timeline
Published on: 04/15/2022 15:15:00 UTC
Last modified on: 04/25/2022 18:07:00 UTC