Cisco IOS XE Software Consent Token Bypass Vulnerability

Vulnerability

The vulnerability resides in the CLI of Cisco IOS XE Software. It stems from insufficient enforcement of the consent token when authorizing shell access. An authenticated local attacker can exploit this by requesting shell access. Affected versions include various Cisco IOS XE releases; consult the Cisco IOS Software Checker for specific affected releases [1].

Exploitation

An attacker must have authenticated access to the CLI of an affected device. The attacker then requests shell access, and due to the consent token bypass, the request is granted without proper authorization. No additional user interaction or network position is required beyond local CLI access [1].

Impact

Successful exploitation allows the attacker to gain shell access on the device and execute arbitrary commands on the underlying operating system. This results in full compromise of the device, including potential data exfiltration, further network attacks, and denial of service [1].

Mitigation

Cisco has released software updates to address this vulnerability. Customers should upgrade to a fixed release as identified by the Cisco IOS Software Checker. No workarounds are available. The vulnerability is not listed on the Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].