Vulnerability Name:

CVE-2017-12239

Assigned:2017-08-03
Published:2017-09-28
Updated:2017-10-06
Summary:A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.
CVSS v3 Severity:6.8 Medium (CVSS v3 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.3 Critical (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
References:Source: BID
Type: VENDOR_ADVISORY
101042

Source: SECTRACK
Type: VENDOR_ADVISORY
1039454

Source: SECTRACK
Type: VENDOR_ADVISORY
1039455

Source: CONFIRM
Type: VENDOR_ADVISORY
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:ios_xe:3.16.0s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.1bsp:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.4as:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.4s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.2s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.17.3s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.6bs:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.0sp:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.1s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.17.0s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.2as:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.1as:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.17.1as:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.0as:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.5s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.4bs:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.0s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.4ds:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.1asp:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.1sp:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.3vs:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:15.4(3)s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.1csp:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.2asp:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.3s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.1s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.18.2sp:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.2bs:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xe:3.16.3as:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    BACK
    cisco ios_xe 3.16.0s
    cisco ios_xe 3.18.1bsp
    cisco ios_xe 3.16.4as
    cisco ios_xe 3.16.4s
    cisco ios_xe 3.18.2s
    cisco ios_xe 3.17.3s
    cisco ios_xe 3.16.6bs
    cisco ios_xe 3.18.0sp
    cisco ios_xe 3.16.1s
    cisco ios_xe 3.17.0s
    cisco ios_xe 3.16.2as
    cisco ios_xe 3.16.1as
    cisco ios_xe 3.17.1as
    cisco ios_xe 3.18.0as
    cisco ios_xe 3.16.5s
    cisco ios_xe 16.5.1
    cisco ios_xe 3.16.4bs
    cisco ios_xe 3.17.1s
    cisco ios_xe 3.16.2s
    cisco ios_xe 3.18.0s
    cisco ios_xe 3.16.4ds
    cisco ios_xe 3.18.1asp
    cisco ios_xe 3.18.1sp
    cisco ios_xe 3.18.3vs
    cisco ios_xe 16.3.1a
    cisco ios_xe 15.4(3)s
    cisco ios_xe 3.18.1csp
    cisco ios_xe 3.18.2asp
    cisco ios_xe 3.16.3s
    cisco ios_xe 3.18.1s
    cisco ios_xe 3.18.2sp
    cisco ios_xe 3.16.2bs
    cisco ios_xe 3.16.3as