Cisco IOS XE
cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*, +1 more
A vulnerability exists in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software. It could allow an authenticated, remote attacker to gain unauthorized read access to configuration or operational data. The issue arises from a subtle change in the behavior of inner API calls, which leads to incorrect filtering of results. It can be exploited over the NETCONF, RESTCONF, or gRPC Network Management Interface (gNMI) protocols, giving access to data paths that NACM should have restricted. Exploitation requires the attacker to hold credentials for a user with privileges lower than 15, and NACM must be configured to restrict read access for that user.
Successful exploitation could enable access to data that NACM policies should have protected, potentially leading to unauthorized disclosure of sensitive configuration or operational information.
Cisco IOS and IOS XE users can consult the Cisco Software Checker tool to determine if their release is affected and to find the earliest fixed version. Instructions for using the Cisco Software Checker are available on the Cisco Security Advisories page.
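The precondition described above (NACM configured to restrict read access for a user below privilege 15) can be checked against a device's NACM configuration. The following is an added example, not code from Cisco or from this page: it parses an RFC 8341 `ietf-netconf-acm` subtree and lists the deny rules that cover read access for lower-privilege groups. The sample XML is constructed, and the `PRIVnn` group naming is an assumption about how IOS XE maps privilege levels to NACM groups.

```python
import xml.etree.ElementTree as ET

NS = {"n": "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"}  # RFC 8341 module
FULL_PRIV_GROUP = "PRIV15"  # assumption: privilege level N maps to NACM group PRIVnn

# Constructed sample: a <nacm> subtree such as a NETCONF <get-config> would return.
SAMPLE = """
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" xmlns:ex="urn:example:constructed">
  <enable-nacm>true</enable-nacm>
  <read-default>permit</read-default>
  <rule-list><name>admin</name><group>PRIV15</group>
    <rule><name>all</name><access-operations>*</access-operations><action>permit</action></rule>
  </rule-list>
  <rule-list><name>operators</name><group>PRIV05</group>
    <rule><name>hide-secrets</name><path>/ex:system/ex:secrets</path>
      <access-operations>read</access-operations><action>deny</action></rule>
    <rule><name>no-edit</name><access-operations>create update delete</access-operations>
      <action>deny</action></rule>
  </rule-list>
</nacm>
"""

def read_restrictions(nacm_xml):
    """List (rule-list, rule, group, target) for every deny rule that covers
    'read' and applies to a group other than the full-privilege group."""
    root = ET.fromstring(nacm_xml)
    findings = []
    for rl in root.findall("n:rule-list", NS):
        groups = [g.text.strip() for g in rl.findall("n:group", NS) if g.text]
        for rule in rl.findall("n:rule", NS):
            ops = rule.findtext("n:access-operations", "*", NS).split()  # RFC default is "*"
            if rule.findtext("n:action", "", NS).strip() != "deny":
                continue
            if "read" not in ops and "*" not in ops:
                continue
            target = rule.findtext("n:path", None, NS) or rule.findtext("n:module-name", "*", NS)
            findings += [(rl.findtext("n:name", "", NS), rule.findtext("n:name", "", NS), g, target)
                         for g in groups if g != FULL_PRIV_GROUP]
    return findings

def relies_on_nacm_read_filtering(nacm_xml):
    """True when the configuration matches the precondition: NACM is enabled and
    read access is denied by default or by a rule for a lower-privilege group."""
    root = ET.fromstring(nacm_xml)
    if root.findtext("n:enable-nacm", "true", NS).strip() == "false":
        return False
    default_deny = root.findtext("n:read-default", "permit", NS).strip() == "deny"
    return default_deny or bool(read_restrictions(nacm_xml))
```

Each path reported is data that depends on NACM read filtering for its confidentiality, so devices where this returns findings are the ones to prioritize when checking releases with the Cisco Software Checker.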