CVE-2017-12239 — Hard-coded Credentials in Cisco IOS XE
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 65.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 29
Latest updateMay 13
Description
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful e…
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-gfw8-c79j-j3pr: A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband↗2022-05-13
CVEList▶
CVE-2017-12239: A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband↗2017-09-28
📋Vendor Advisories
1Cisco▶
Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability↗2017-09-27