Cisco IOS XE Shell Access Request Mechanism access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
A vulnerability was found in Cisco IOS XE (Router Operating System) (the affected version unknown). It has been rated as critical. This issue affects an unknown part of the component Shell Access Request Mechanism. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.
The bug was discovered 09/26/2018. The weakness was presented 10/05/2018 as cisco-sa-20180926-shell-access as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. The identification of this vulnerability is CVE-2018-15371 since 08/17/2018. Attacking locally is a requirement. A simple authentication is necessary for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
The vulnerability was handled as a non-public zero-day exploit for at least 9 days. During that time the estimated underground price was around $25k-$100k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316331 (Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability(cisco-sa-20180926-shell-access)).
Upgrading eliminates this vulnerability.
See 124886, 124884 and 124880 for similar entries.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.1
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.7
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
08/17/2018 🔍09/26/2018 🔍
10/05/2018 🔍
10/05/2018 🔍
10/06/2018 🔍
03/30/2020 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20180926-shell-access
Status: Confirmed
CVE: CVE-2018-15371 (🔍)
OVAL: 🔍
scip Labs: https://www.scip.ch/en/?labs.20150108
See also: 🔍
Entry
Created: 10/06/2018 11:03Updated: 03/30/2020 14:29
Changes: 10/06/2018 11:03 (65), 03/30/2020 14:29 (1)
Complete: 🔍
Cache ID: 3:D72
No comments yet. Languages: en.
Please log in to comment.