CVE-2019-12661

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to insufficient validation of arguments passed to a specific Virtualization Manager (VMAN) CLI command, allowing an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. This could lead to complete system compromise. An attacker with administrator access to an affected device could exploit this by including malicious input as the argument of an affected command.

Recommendations For Cisco IOS XE Software, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but it is recommended to check for and apply the latest software updates from Cisco.