At 16th of October, Cisco made a vulnerability public which affects Cisco IOS XE components – Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. According the notes: This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. Vulnerable products are components where the web UI feature is enable. Components The Oracle Orivate Cloud Appliance X9-2 contains several Cisco components – see: VPAT – Oracle Private Cloud Appliance X9-2: Decision Tree The provided decision tree: Verification Let’s check the PCA components. Repeat the steps for all components according the IP list. Switch Name IP Management pcaswmn01 …
↧