Unrated severity · NVD Advisory · Published Mar 28, 2019 · Updated Sep 16, 2024

Cisco IOS and IOS XE Software Information Disclosure Vulnerability

CVE-2019-1762

Description

Cisco IOS and IOS XE Secure Storage feature leaks keying materials to authenticated local attackers due to improper memory operations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability resides in the Secure Storage feature of Cisco IOS and IOS XE Software. It is caused by improper memory operations performed during encryption when the software handles configuration updates. An authenticated, local attacker can exploit this by retrieving the contents of specific memory locations on an affected device. Vulnerable releases include Cisco IOS Software prior to 15.6(3)M1 and Cisco IOS XE Software prior to 16.6.1 [1].

Exploitation

An attacker must have local authenticated access to the device and the Secure Storage feature must be enabled. The attacker can trigger a configuration update or wait for one to occur, then read specific memory locations to capture sensitive data. No user interaction beyond authentication is required [1].

Impact

Successful exploitation results in the disclosure of keying materials that are part of the device configuration. These materials can be used to recover critical system information, leading to a breach of confidentiality. The attacker gains access to sensitive data that could compromise the security of the device and network [1].

Mitigation

Cisco has fixed this vulnerability in Cisco IOS Software Release 15.6(3)M1 and later, and in Cisco IOS XE Software Release 16.6.1 and later. If the Secure Storage feature is not required, administrators can disable it with the command:

    no service private-config-encryption

The feature status can be verified with either of the following commands [1]:

    show running-config all | include service private-config-encryption
    show parser encrypt file status | include Feature
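The status check above, applied offline to saved show running-config all output, as an added example that is not from Cisco or from the original advisory. It assumes the disabled state is written as the negated line no service private-config-encryption; the hostnames and config text are constructed, and the function names are hypothetical.

```python
import re

# One config line, optionally negated with IOS's leading "no". Anchoring to the
# whole line keeps comments that merely mention the command from matching, and
# capturing the "no" avoids the substring trap where the negated line looks enabled.
FEATURE_LINE = re.compile(
    r"^[ \t]*(no[ \t]+)?service[ \t]+private-config-encryption[ \t]*\r?$",
    re.MULTILINE,
)


def secure_storage_state(config_text):
    """Classify one saved dump as 'enabled', 'disabled' or 'unknown'."""
    negations = FEATURE_LINE.findall(config_text)
    if not negations:
        # Line absent: the dump may have been collected without "all",
        # so the state cannot be decided from this file.
        return "unknown"
    # If the line appears more than once, the last occurrence decides.
    return "disabled" if negations[-1] else "enabled"


def needs_review(dumps):
    """Return sorted hostnames whose state is not positively 'disabled'."""
    return sorted(host for host, text in dumps.items()
                  if secure_storage_state(text) != "disabled")


# Constructed sample dumps (assumption: not taken from real devices).
SAMPLE_DUMPS = {
    "edge-rtr-01": "service timestamps log datetime msec\n"
                   "service private-config-encryption\n"
                   "hostname edge-rtr-01\n",
    "edge-rtr-02": "service timestamps log datetime msec\r\n"
                   "no service private-config-encryption\r\n"
                   "hostname edge-rtr-02\r\n",
    "core-sw-01": "hostname core-sw-01\n"
                  "! note: service private-config-encryption reviewed\n",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE_DUMPS):
        print(host, secure_storage_state(SAMPLE_DUMPS[host]))
    print("review:", needs_review(SAMPLE_DUMPS))
```

Hosts reported as enabled are candidates for the fixed releases or for disabling the feature; hosts reported as unknown need their output collected again.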

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

2
