Cisco: CISCO-SA-20180606-AAA
Jun 06, 2018 - 4:00 p.m.

Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

2018-06-06 16:00:00
tools.cisco.com
EPSS: 0.044 (Percentile: 92.4%)

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa

Affected configurations

Vulners node (vendor cisco, product cisco_ios_xe_software), matching any of these versions:
16.7 OR 16.8 OR 16.7.1 OR 16.7.1a OR 16.7.1b OR 16.8.1 OR 16.8.1a OR 16.8.1b

| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | cisco_ios_xe_software | 16.7 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.7:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.8 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.8:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.7.1 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.7.1:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.7.1a | cpe:2.3:a:cisco:cisco_ios_xe_software:16.7.1a:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.7.1b | cpe:2.3:a:cisco:cisco_ios_xe_software:16.7.1b:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.8.1 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.8.1:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.8.1a | cpe:2.3:a:cisco:cisco_ios_xe_software:16.8.1a:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.8.1b | cpe:2.3:a:cisco:cisco_ios_xe_software:16.8.1b:*:*:*:*:*:*:* |
