CVE-2018-0194

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the CLI parser of Cisco IOS XE Software. These vulnerabilities could allow an authenticated, local attacker to inject arbitrary commands into the CLI, potentially gaining access to the underlying Linux shell of an affected device and executing commands with root privileges. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command. A successful exploit could allow the attacker to break from the CLI and gain access to the underlying Linux shell, executing arbitrary commands with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.