CVE-2018-0193

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)

Description: The issue allows an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, potentially gaining access to the underlying Linux shell of an affected device and executing commands with root privileges. This is due to the affected software not sufficiently sanitizing command arguments before passing commands to the Linux shell for execution. An attacker could exploit this by submitting a malicious CLI command. A successful exploit could allow the attacker to break from the CLI and execute arbitrary commands with root privileges on the device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.