CVE-2016-6414

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.6 and earlier Cisco IOS XE versions 3.18 and earlier

Description A vulnerability exists in the iox command that could allow an authenticated, local attacker to perform command injection into the IOx Linux guest operating system. This issue is due to insufficient input validation of iox command line arguments, allowing an attacker to execute arbitrary commands by providing crafted options to the iox command.

Recommendations For Cisco IOS versions 15.6 and earlier, there is no information about a newer version that contains a fix for this vulnerability. For Cisco IOS XE versions 3.18 and earlier, there is no information about a newer version that contains a fix for this vulnerability.