A vulnerability in the command-line interface (CLI) of IOS-XR series software could allow an authenticated, local attacker to execute arbitrary code on a targeted system at the root privilege level.
The vulnerability is due to incorrect permissions given to a set of users. An attacker could exploit this vulnerability by authenticating to the device and sending crafted user input to execute commands on the underlying operating system. The user has to be logged-in to the device with valid admin credentials.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-iosxr["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-iosxr"]