CVE-2019-12650

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. The vulnerability is associated with insufficient checking of arguments passed to a command, which can be exploited by a remote attacker to elevate their privileges to the level of root.

Recommendations For all affected versions, update to the latest software version that addresses these vulnerabilities, as released by Cisco. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation. Avoid using the Web UI for command execution until the issue is resolved. At the moment, there is no information about additional mitigation measures.