CVE-2017-6728

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software version 6.2.1.BASE

Description A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of incorrect permissions given to a set of users. An attacker could exploit this vulnerability by logging in to an affected device and elevating their privileges via crafted input. A successful exploit could allow the attacker to gain root-level privileges and take full control of the affected device.

Recommendations For Cisco IOS XR Software version 6.2.1.BASE, update to a fixed release such as 6.3.1.15i.BASE, 6.2.3.1i.BASE, or 6.2.2.15i.BASE to resolve the issue.