Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability

Vulnerability

The vulnerability exists in the image verification feature of Cisco IOS Software running on Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs). It is due to insufficient access restrictions on the code that manages image verification. An authenticated, local attacker with privilege level 15 credentials can log in to the Virtual Device Server (VDS) shell and disable Cisco IOS Software integrity verification. This allows the attacker to boot a malicious software image on the affected device. [1]

Exploitation

To exploit this vulnerability, an attacker must have valid user credentials at privilege level 15. The attacker first authenticates to the targeted device and then logs in to the Virtual Device Server (VDS) shell. From the VDS shell, the attacker can disable Cisco IOS Software integrity (image) verification. [1]

Impact

Successful exploitation allows the attacker to boot a malicious Cisco IOS Software image on the targeted device. This could lead to arbitrary code execution at the highest privilege level, full compromise of the device, and potential further network attacks from that vantage point. [1]

Mitigation

Cisco has released free software updates to address this vulnerability. Customers should upgrade to fixed versions of Cisco IOS Software as specified in the Cisco Security Advisory. No workarounds are available. Customers with service contracts should obtain upgrades through their usual channels; those without should contact the Cisco TAC. [1]