PT-2017-2440 · Cisco · Cisco IOS XR
Published: 2017-06-21 · Updated: 2017-07-07 · CVE-2017-6719
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS XR Software version 6.2.1.BASE
Cisco IOS XR Software versions prior to 6.2.1.28i.BASE
Cisco IOS XR Software versions prior to 6.2.1.22i.BASE
Cisco IOS XR Software versions prior to 6.1.32.8i.BASE
Cisco IOS XR Software versions prior to 6.1.31.3i.BASE
Cisco IOS XR Software versions prior to 6.1.3.10i.BASE
Description
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to a command in a specific group. A successful exploit could allow the attacker to execute arbitrary commands on the affected system with root privileges.
Recommendations
For version 6.2.1.BASE, update to version 6.2.1.28i.BASE or later.
For versions prior to 6.2.1.22i.BASE, update to version 6.2.1.22i.BASE or later.
For versions prior to 6.1.32.8i.BASE, update to version 6.1.32.8i.BASE or later.
For versions prior to 6.1.31.3i.BASE, update to version 6.1.31.3i.BASE or later.
For versions prior to 6.1.3.10i.BASE, update to version 6.1.3.10i.BASE or later.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Cisco IOS XR