Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability exists in the CLI of Cisco IOS XE Software, allowing an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of the affected device. This issue arises from inadequate input validation when processing certain configuration commands. An attacker could exploit this vulnerability by injecting crafted input into these commands, potentially leading to unauthorized access and actions at the root level on the device's operating system.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing an attacker to gain root access on the affected device's underlying operating system.

Remediation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For those without service contracts, contact the Cisco Technical Assistance Center (TAC) for assistance. To determine exposure to this vulnerability, use the Cisco Software Checker tool.