CVE-2018-0123

Name of the Vulnerable Software and Affected Versions: Cisco IOS and IOS XE Software (affected versions not specified)

Description: A Path Traversal issue in the diagnostic shell could allow an authenticated, local attacker to overwrite system files by using certain diagnostic shell commands with crafted user input. The issue is due to a lack of proper input validation for these commands. An attacker could exploit this by authenticating to the device, entering the diagnostic shell, and providing malicious input to commands at the local diagnostic shell CLI, potentially overwriting sensitive system files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.