cisco-sa-iosxe-priv-esc-seAx6NLX: Cisco IOS XE Software Privilege Escalation Vulnerability
First published: Wed Mar 27 2024(Updated: )
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS and IOS XE Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-iosxe-priv-esc-seAx6NLX?
The severity of cisco-sa-iosxe-priv-esc-seAx6NLX is rated as high due to the potential for privilege escalation.
How do I fix cisco-sa-iosxe-priv-esc-seAx6NLX?
To fix cisco-sa-iosxe-priv-esc-seAx6NLX, apply the latest security patches released by Cisco for the affected IOS XE Software.
Who is affected by cisco-sa-iosxe-priv-esc-seAx6NLX?
Devices running Cisco IOS XE Software with the NETCONF feature enabled are affected by cisco-sa-iosxe-priv-esc-seAx6NLX.
What type of attack is possible with cisco-sa-iosxe-priv-esc-seAx6NLX?
cisco-sa-iosxe-priv-esc-seAx6NLX enables authenticated, remote attackers to escalate their privileges to root on affected devices.
Is authentication required to exploit cisco-sa-iosxe-priv-esc-seAx6NLX?
Yes, an attacker must be authenticated to exploit cisco-sa-iosxe-priv-esc-seAx6NLX.
- collector/cisco-recent
- source/Cisco
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios and ios xe software