CVE-2017-12239 — MEDIUM (6.8)

Vulnerability Description

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios Xe	3.13.0as

Related Weaknesses (CWE)

CWE-798 CWE-264

References

http://www.securityfocus.com/bid/101042Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039454Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039455Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/101042Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039454Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039455Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2017-12239?

CVE-2017-12239 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical a...

How severe is CVE-2017-12239?

CVE-2017-12239 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12239?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe.