7.2

CVE-2017-12239

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xe Version3.13.0as
CiscoIos Xe Version3.13.0s
CiscoIos Xe Version3.13.1s
CiscoIos Xe Version3.13.2as
CiscoIos Xe Version3.13.2s
CiscoIos Xe Version3.13.3s
CiscoIos Xe Version3.13.4s
CiscoIos Xe Version3.13.5as
CiscoIos Xe Version3.13.5s
CiscoIos Xe Version3.13.6as
CiscoIos Xe Version3.13.6s
CiscoIos Xe Version3.14.0s
CiscoIos Xe Version3.14.1s
CiscoIos Xe Version3.14.2s
CiscoIos Xe Version3.14.3s
CiscoIos Xe Version3.14.4s
CiscoIos Xe Version3.15.0s
CiscoIos Xe Version3.15.1cs
CiscoIos Xe Version3.15.1s
CiscoIos Xe Version3.15.2s
CiscoIos Xe Version3.15.3s
CiscoIos Xe Version3.15.4s
CiscoIos Xe Version3.16.0as
CiscoIos Xe Version3.16.0bs
CiscoIos Xe Version3.16.0cs
CiscoIos Xe Version3.16.0s
CiscoIos Xe Version3.16.1as
CiscoIos Xe Version3.16.1s
CiscoIos Xe Version3.16.2as
CiscoIos Xe Version3.16.2bs
CiscoIos Xe Version3.16.2s
CiscoIos Xe Version3.16.3as
CiscoIos Xe Version3.16.3s
CiscoIos Xe Version3.16.4as
CiscoIos Xe Version3.16.4bs
CiscoIos Xe Version3.16.4cs
CiscoIos Xe Version3.16.4ds
CiscoIos Xe Version3.16.4es
CiscoIos Xe Version3.16.4gs
CiscoIos Xe Version3.16.4s
CiscoIos Xe Version3.16.5as
CiscoIos Xe Version3.16.5bs
CiscoIos Xe Version3.16.5s
CiscoIos Xe Version3.17.0s
CiscoIos Xe Version3.17.1as
CiscoIos Xe Version3.17.1s
CiscoIos Xe Version3.17.2s
CiscoIos Xe Version3.17.3s
CiscoIos Xe Version3.18.0as
CiscoIos Xe Version3.18.0s
CiscoIos Xe Version3.18.0sp
CiscoIos Xe Version3.18.1asp
CiscoIos Xe Version3.18.1bsp
CiscoIos Xe Version3.18.1csp
CiscoIos Xe Version3.18.1gsp
CiscoIos Xe Version3.18.1hsp
CiscoIos Xe Version3.18.1isp
CiscoIos Xe Version3.18.1s
CiscoIos Xe Version3.18.1sp
CiscoIos Xe Version3.18.2asp
CiscoIos Xe Version3.18.2s
CiscoIos Xe Version3.18.2sp
CiscoIos Xe Version16.3.1a
CiscoIos Xe Version16.3.5b
CiscoIos Xe Version16.3.6
CiscoIos Xe Version16.3.7
CiscoIos Xe Version16.3.8
CiscoIos Xe Version16.3.9
CiscoIos Xe Version16.3.10
CiscoIos Xe Version16.3.11
CiscoIos Xe Version16.4.3
CiscoIos Xe Version16.5.1
CiscoIos Xe Version16.9.3a
CiscoIos Xe Version16.9.3s
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.352
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://www.securityfocus.com/bid/101042
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039454
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039455
Third Party Advisory
VDB Entry