Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
Description
A missing authorization check in Cisco IOx on IOS XE allows unauthenticated remote attackers to obtain an authorization token and execute arbitrary IOx API commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization [1]. The vulnerability is due to incorrect handling of requests for authorization tokens. Affected versions include specific Cisco IOS XE software releases with the IOx feature enabled; refer to the advisory for a complete list [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted API call to request an authorization token [1]. No authentication or prior access is required, only network reachability to the device's IOx API endpoint. After obtaining the token, the attacker can issue any IOx API commands [1].
Impact
Successful exploitation allows the attacker to obtain an authorization token and execute any IOx API commands on the affected device [1]. This can lead to full compromise of the IOx application hosting environment, including potential privilege escalation and control over guest operating systems running within IOx.
Mitigation
Cisco has released free software updates to address this vulnerability [1]. Customers should upgrade to the fixed versions specified in the advisory. If upgrading is not immediately possible, administrators can restrict access to the IOx API by using access control lists or network segmentation to limit exposure. No workarounds are provided beyond limiting network access. This CVE is not known to be listed in the KEV catalog as of publication [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: n/a
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE; the mechanics section is only generated when the actual fix diff can be read. Without it, the four subsections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9 (source: mitre; tags: vendor-advisory, x_refsource_CISCO)
News mentions
No linked articles in our index yet.