Cisco IOS XE 3S Platforms Series root Shell License Bypass Vulnerability

A vulnerability in one of the diagnostic commands in the Cisco IOS XE operating system for Cisco IOS XE 3S platforms could allow an authenticated, privileged, local attacker to gain restricted root shell access. The root shell is provided for advanced troubleshooting with Cisco Technical Assistance Center (TAC) engineers and requires a license.

The vulnerability occurs because the parameters to diagnostic commands at the command-line interface (CLI) are not properly validated. An attacker could exploit this vulnerability by authenticating to the affected device at privileged level 15 and providing crafted parameters to the diagnostic commands. An exploit could allow the authenticated, privileged attacker to bypass the license required for root shell access. If the authenticated user obtains root shell access, further compromise may be possible.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-iosxe3s[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-iosxe3s”]