Cisco IOS XE Software Telnet Authentication Bypass Vulnerability

A vulnerability in the vty authentication of Cisco IOS XE Software (03.02.xxSE and 03.03.xxSE only) could allow an unauthenticated, remote attacker to access an affected device without authentication and perform actions on the device with the privileges configured for the vty line interface.

The vulnerability is due to incomplete validations of the Linux-IOS Internal Network interface. An unauthenticated, remote attacker could exploit this vulnerability only if their source address is in the 192.168.x.2 subnet and the attacker has IP communication to the Cisco IOS XE device. An exploit could allow the attacker to access the device with the privilege level of the vty line interface.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in order to communicate with the targeted device. This access requirement limits the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.