CVE-2018-15371Improper Access Control in Cisco IOS XE Software

CWE-284Improper Access ControlCWE-287Improper Authentication4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 85.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A suc

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe16.3\(1\)

🔴Vulnerability Details

2
GHSA
GHSA-6q3f-rc7g-jc2x: A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication a2022-05-13
CVEList
Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability2018-09-26
CVE-2018-15371 — Improper Access Control in Cisco | cvebase