PT-2018-8654 · Cisco · Cisco Ios Xe

Published

2018-03-28

Updated

2019-10-09

CVE-2018-0176

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue is related to multiple vulnerabilities in the CLI parser of the software. These vulnerabilities could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges. The vulnerabilities are due to the software improperly sanitizing command arguments, which could be exploited by executing CLI commands with crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-264

Related Identifiers

CVE-2018-0176

Affected Products

Cisco Ios Xe

PT-2018-8654 · Cisco · Cisco Ios Xe

CVE-2018-0176

Weakness Enumeration

Related Identifiers

Affected Products

References · 5