Cisco IOS XE AAA RCE Vulnerability

June 7, 2018 | Adeline Zhang

On June 6, Cisco released an advisory for a critical vulnerability (CVE-2018-0315) in the Authentication, Authorization, and Accounting (AAA) login authentication service of Cisco IOS XE. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial-of-service condition.

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa

Affected Versions

  • Cisco IOS XE Software Release Fuji 16.7.1
  • Cisco IOS XE Software Release Fuji 16.8.1

Unaffected Versions

  • Cisco IOS XE Software Release Fuji 16.7.2
  • Cisco IOS XE Software Release Fuji 16.8.1c
  • Cisco IOS XE Software Release Fuji 16.8.1s
  • Cisco IOS XE Software Release Fuji 16.9.1 (Expected to be released in July 2018)
  • Cisco IOS XE Software Release Fuji 16.8.2 (Expected to be released in September 2018)

Solution

Cisco has released free software updates to address the vulnerability described in this advisory. Users affected by this vulnerability should upgrade their systems to a fixed release. In addition, administrators can control access privileges to ensure that only trusted sources can access their devices.

For details, please visit: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa