CVE-2018-0315: Cisco IOS XE AAA Remote Code Execution Vulnerability
On June 6th, Cisco released a security advisory for a serious vulnerability (CVE-2018-0315) affecting Authentication, Authorization, and Accounting (AAA) in its products. By exploiting this vulnerability, an attacker can remotely execute arbitrary code on an affected device without authorization, or cause the device to reload, resulting in a denial of service condition.
Affected versions
The following versions are affected when AAA is used for login authentication:
- Cisco IOS XE Software Release Fuji 16.7.1
- Cisco IOS XE Software Release Fuji 16.8.1
Unaffected versions
- Cisco IOS XE Software Release Fuji 16.7.2
- Cisco IOS XE Software Release Fuji 16.8.1c
- Cisco IOS XE Software Release Fuji 16.8.1s
Solution
Cisco has released new software versions that fix this vulnerability. Users should upgrade to an unaffected version. In addition, administrators can restrict access to the device so that only trusted sources can reach it.
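To triage a device against the version lists above, the following added example (not part of the Cisco advisory) classifies a device from its `show version` and running-config text. The `show version` line format, the sample inputs and the function names are assumptions made for this example.

```python
import re

# Release lists copied from the advisory text above.
AFFECTED = {"16.7.1", "16.8.1"}
UNAFFECTED = {"16.7.2", "16.8.1c", "16.8.1s"}

# Assumption: `show version` prints "Cisco IOS XE Software, Version 16.08.01"
# (possibly zero padded, possibly with a letter suffix such as "c" or "s").
VERSION_RE = re.compile(r"IOS XE Software.*?Version\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.I)

# Constructed sample inputs, not captured from a real device.
SAMPLE_VERSION = "Cisco IOS XE Software, Version 16.08.01\n"
SAMPLE_CONFIG = "aaa new-model\naaa authentication login default group tacacs+ local\n"


def normalize_version(show_version):
    """Return the release as e.g. '16.8.1c', or None if no version is found."""
    m = VERSION_RE.search(show_version)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return f"{int(major)}.{int(minor)}.{int(patch)}{suffix.lower()}"


def aaa_login_enabled(running_config):
    """True when the config enables AAA and defines a login method list."""
    lines = [line.strip() for line in running_config.splitlines()]
    has_model = any(line == "aaa new-model" for line in lines)
    has_login = any(line.startswith("aaa authentication login ") for line in lines)
    return has_model and has_login


def assess(show_version, running_config):
    """Classify a device against the advisory and return a verdict string."""
    release = normalize_version(show_version)
    if release is None:
        return "unknown: no IOS XE version found"
    if release in UNAFFECTED:
        return f"not affected: {release} is listed as unaffected"
    if release not in AFFECTED:
        return f"not listed: {release} is not named in the advisory"
    if aaa_login_enabled(running_config):
        return f"affected: {release} with AAA login authentication"
    return f"review: {release} is an affected release, AAA login not configured"


if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONFIG))
```

A "review" verdict still means the device runs an affected release, so it should be upgraded before AAA login authentication is enabled on it.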