Cisco IOS XE
cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the CLI of Cisco IOS XE Software. It allows an authenticated, local attacker to cause a DoS condition on the affected device. The vulnerability arises from incorrect privilege assignments for the 'start maintenance' command. An attacker with low privileges can access the management CLI and use this command to put the device into maintenance mode, shutting down interfaces and disrupting service. Although the device can be restored with the 'stop maintenance' command, the vulnerability can be exploited again.
Exploitation of this vulnerability leads to a denial-of-service condition by causing the device to shut down interfaces, disrupting normal operations.
Cisco has released software updates to address this vulnerability. Instructions for upgrading to the fixed software can be found on the Cisco Security Advisories page. Additionally, a temporary workaround is available by manually setting the privilege level of the 'start maintenance' command to level 15.
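The following Python check is an added example, not code from Cisco or from this page: it audits a saved running-config for the workaround described above. It assumes the workaround is applied with the standard IOS `privilege exec level 15 start maintenance` configuration command; the function names and sample configurations are constructed for illustration.

```python
import re

# Matches IOS "privilege <mode> [all] level <n> <command words>" lines.
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(all\s+)?level\s+(\d+)\s+(.+?)\s*$")
TARGET = ("start", "maintenance")

def maintenance_privilege(running_config):
    """Return the lowest privilege level configured for 'start maintenance',
    or None when no privilege override covers the command."""
    levels = []
    for line in running_config.splitlines():
        m = PRIV_RE.match(line.strip())
        if not m or m.group(1) != "exec":
            continue
        words = tuple(m.group(4).split())
        exact = words == TARGET
        # With "all", the level also applies to every command that starts
        # with the given words, e.g. "privilege exec all level 15 start".
        covered = bool(m.group(2)) and TARGET[:len(words)] == words
        if exact or covered:
            levels.append(int(m.group(3)))
    # Audit choice (not IOS semantics): report the most permissive match.
    return min(levels) if levels else None

def workaround_applied(running_config):
    """True only when 'start maintenance' is pinned to level 15."""
    return maintenance_privilege(running_config) == 15

# Constructed sample configurations.
SAMPLE_NO_OVERRIDE = """\
hostname edge-rtr-01
line vty 0 4
 login local
"""
SAMPLE_WORKAROUND = """\
hostname edge-rtr-01
privilege exec level 15 start maintenance
privilege exec level 15 start
"""
SAMPLE_LOWERED = """\
hostname edge-rtr-01
privilege exec all level 5 start
"""

if __name__ == "__main__":
    for name, cfg in [("no override", SAMPLE_NO_OVERRIDE),
                      ("workaround", SAMPLE_WORKAROUND),
                      ("lowered", SAMPLE_LOWERED)]:
        print(name, maintenance_privilege(cfg), workaround_applied(cfg))
```

A result of `None` means the configuration does not carry the workaround, so the device depends on running fixed software.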