CVE-2017-12239

MEDIUM

Cisco ASR 1000 Series - Unauthenticated Physical Access

Title source: llm

Description

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039454

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039455

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101042

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc

Scores

CVSS v3 6.8

EPSS 0.0043

EPSS Percentile 34.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264 CWE-798

Status published

Products (50)

cisco/ios_xe 3.13.0as

cisco/ios_xe 3.13.0s

cisco/ios_xe 3.13.1s

cisco/ios_xe 3.13.2as

cisco/ios_xe 3.13.2s

cisco/ios_xe 3.13.3s

cisco/ios_xe 3.13.4s

cisco/ios_xe 3.13.5as

cisco/ios_xe 3.13.5s

cisco/ios_xe 3.13.6as

... and 40 more

Published Sep 29, 2017

Tracked Since Feb 18, 2026