PT-2017-2891 · Cisco · Cisco IOS XE +1

Published: 2017-03-09 · Updated: 2019-10-09 · CVE-2017-6796

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers (affected versions not specified)

Description

A vulnerability exists in the USB-modem code due to improper input validation of the platform usb modem command in the CLI. By modifying the platform usb modem command, an authenticated, local attacker could inject and execute arbitrary commands on the underlying operating system of an affected device.

Recommendations

For Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers, consider disabling the platform usb modem command in the CLI as a temporary workaround until a patch is available. Restrict access to the CLI to minimize the risk of exploitation. Avoid using the platform usb modem command until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2017-02177
CVE-2017-6796

Affected Products

Cisco ASR 920 Series Aggregation Services Routers
Cisco IOS XE