Jg

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified) Description: The issue is related to insufficient protection of values passed to a script that executes during device startup, allowing an authenticated, local attacker with privileged EXEC permissions to inject a command to the underlying operating system. This command will execute with root privileges upon the next reboot of the device. An attacker could exploit this by writing values to a specific file, potentially allowing them to execute commands with root privileges each time the affected device is restarted. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.