CVE-2016-6428

Name of the Vulnerable Software and Affected Versions Cisco IOS XR version 6.1.1

Description A vulnerability in the command-line interface (CLI) of IOS-XR series software could allow an authenticated, local attacker to execute arbitrary code on a targeted system at the root privilege level. The issue is due to incorrect permissions given to a set of users. An attacker could exploit this by authenticating to the device and sending crafted user input to execute commands on the underlying operating system, requiring valid admin credentials to be logged-in to the device.

Recommendations For Cisco IOS XR version 6.1.1, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability.