- Licensing cisco ios xe software features asr 1001 x software#
- Licensing cisco ios xe software features asr 1001 x license#
Licensing cisco ios xe software features asr 1001 x license#
If the show license command does not exist or returns empty output then the Cisco IOS XE 3S platform is not vulnerable. To determine if a license is required, use the show license feature | include internal_service command.
Licensing cisco ios xe software features asr 1001 x software#
Cisco Integrated Services Router (ISR) 4451Īll versions of Cisco IOS XE 3S Software are vulnerable if they require a license to access the restricted root shell. Cisco Integrated Services Router (ISR) 4431. Cisco Integrated Services Router (ISR) 4351. Cisco Integrated Services Router (ISR) 4331. Cisco Integrated Services Router (ISR) 4321. Cisco Cloud Services Routers (CSR) 1000V. Cisco Aggregation Services (ASR) Routers 1002-X. Cisco Aggregation Services (ASR) Routers 1001-X Routing Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 7. Cisco Aggregation Services (ASR) Routers 1001. The following Cisco products are vulnerable when running a Cisco IOS XE 3S Software release: This advisory is available at the following link: There are no workarounds that address this vulnerability. If the authenticated user obtains root shell access, further compromise may be possible.Ĭisco has released software updates that address this vulnerability. An exploit could allow the authenticated, privileged attacker to bypass the license required for root shell access. An attacker could exploit this vulnerability by authenticating to the affected device at privileged level 15 and providing crafted parameters to the diagnostic commands. The vulnerability occurs because the parameters to diagnostic commands at the command-line interface (CLI) are not properly validated. An attacker could exploit this vulnerability by sending IPv6 traffic through. 
The vulnerability is due to improper validation of IPv6 packets through the UTD feature. The root shell is provided for advanced troubleshooting with Cisco Technical Assistance Center (TAC) engineers and requires a license. A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. A vulnerability in one of the diagnostic commands in the Cisco IOS XE operating system for Cisco IOS XE 3S platforms could allow an authenticated, privileged, local attacker to gain restricted root shell access.
0 kommentar(er)
