Lucene search

CiscoCISCO-SA-20180926-IOSXE-CMDINJ

HistorySep 26, 2018 - 4:00 p.m.

Cisco IOS XE Software Command Injection Vulnerabilities

2018-09-2616:00:00

tools.cisco.com

0.0004 Low

EPSS

Percentile

5.2%

JSON

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges.

The vulnerabilities exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj”]
This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-69981”].

Affected configurations

Vulners

Node

ciscorvs4000_softwareMatch3.7s

ciscorvs4000_softwareMatch3.8s

ciscorvs4000_softwareMatch3.9s

ciscorvs4000_softwareMatch3.2se

ciscorvs4000_softwareMatch3.3se

ciscorvs4000_softwareMatch3.3xo

ciscorvs4000_softwareMatch3.10s

ciscorvs4000_softwareMatch3.11s

ciscorvs4000_softwareMatch3.12s

ciscorvs4000_softwareMatch3.13s

ciscorvs4000_softwareMatch3.14s

ciscorvs4000_softwareMatch3.15s

ciscorvs4000_softwareMatch3.3sq

ciscorvs4000_softwareMatch3.4sq

ciscorvs4000_softwareMatch3.5sq

ciscorvs4000_softwareMatch3.16s

ciscorvs4000_softwareMatch3.17s

ciscorvs4000_softwareMatch16.1

ciscorvs4000_softwareMatch16.2

ciscorvs4000_softwareMatch16.3

ciscorvs4000_softwareMatch16.4

ciscorvs4000_softwareMatch16.5

ciscorvs4000_softwareMatch3.18s

ciscorvs4000_softwareMatch3.18sp

ciscorvs4000_softwareMatch16.6

ciscorvs4000_softwareMatch16.7

ciscorvs4000_softwareMatch16.9

ciscorvs4000_softwareMatch3.7.0s

ciscorvs4000_softwareMatch3.7.1s

ciscorvs4000_softwareMatch3.7.2s

ciscorvs4000_softwareMatch3.7.3s

ciscorvs4000_softwareMatch3.7.4s

ciscorvs4000_softwareMatch3.7.5s

ciscorvs4000_softwareMatch3.7.6s

ciscorvs4000_softwareMatch3.7.7s

ciscorvs4000_softwareMatch3.7.8s

ciscorvs4000_softwareMatch3.7.4as

ciscorvs4000_softwareMatch3.7.2ts

ciscorvs4000_softwareMatch3.7.0bs

ciscorvs4000_softwareMatch3.7.1as

ciscorvs4000_softwareMatch3.8.0s

ciscorvs4000_softwareMatch3.8.1s

ciscorvs4000_softwareMatch3.8.2s

ciscorvs4000_softwareMatch3.9.1s

ciscorvs4000_softwareMatch3.9.0s

ciscorvs4000_softwareMatch3.9.2s

ciscorvs4000_softwareMatch3.9.1as

ciscorvs4000_softwareMatch3.9.0as

ciscorvs4000_softwareMatch3.2.0se

ciscorvs4000_softwareMatch3.2.1se

ciscorvs4000_softwareMatch3.2.2se

ciscorvs4000_softwareMatch3.2.3se

ciscorvs4000_softwareMatch3.3.0se

ciscorvs4000_softwareMatch3.3.1se

ciscorvs4000_softwareMatch3.3.2se

ciscorvs4000_softwareMatch3.3.3se

ciscorvs4000_softwareMatch3.3.4se

ciscorvs4000_softwareMatch3.3.5se

ciscorvs4000_softwareMatch3.3.0xo

ciscorvs4000_softwareMatch3.3.1xo

ciscorvs4000_softwareMatch3.3.2xo

ciscorvs4000_softwareMatch3.10.0s

ciscorvs4000_softwareMatch3.10.1s

ciscorvs4000_softwareMatch3.10.2s

ciscorvs4000_softwareMatch3.10.3s

ciscorvs4000_softwareMatch3.10.4s

ciscorvs4000_softwareMatch3.10.5s

ciscorvs4000_softwareMatch3.10.6s

ciscorvs4000_softwareMatch3.10.2as

ciscorvs4000_softwareMatch3.10.2ts

ciscorvs4000_softwareMatch3.10.7s

ciscorvs4000_softwareMatch3.10.8s

ciscorvs4000_softwareMatch3.10.8as

ciscorvs4000_softwareMatch3.10.9s

ciscorvs4000_softwareMatch3.10.10s

ciscorvs4000_softwareMatch3.11.1s

ciscorvs4000_softwareMatch3.11.2s

ciscorvs4000_softwareMatch3.11.0s

ciscorvs4000_softwareMatch3.11.3s

ciscorvs4000_softwareMatch3.11.4s

ciscorvs4000_softwareMatch3.12.0s

ciscorvs4000_softwareMatch3.12.1s

ciscorvs4000_softwareMatch3.12.2s

ciscorvs4000_softwareMatch3.12.3s

ciscorvs4000_softwareMatch3.12.0as

ciscorvs4000_softwareMatch3.12.4s

ciscorvs4000_softwareMatch3.13.0s

ciscorvs4000_softwareMatch3.13.1s

ciscorvs4000_softwareMatch3.13.2s

ciscorvs4000_softwareMatch3.13.3s

ciscorvs4000_softwareMatch3.13.4s

ciscorvs4000_softwareMatch3.13.5s

ciscorvs4000_softwareMatch3.13.2as

ciscorvs4000_softwareMatch3.13.0as

ciscorvs4000_softwareMatch3.13.5as

ciscorvs4000_softwareMatch3.13.6s

ciscorvs4000_softwareMatch3.13.7s

ciscorvs4000_softwareMatch3.13.6as

ciscorvs4000_softwareMatch3.13.6bs

ciscorvs4000_softwareMatch3.13.7as

ciscorvs4000_softwareMatch3.13.8s

ciscorvs4000_softwareMatch3.13.9s

ciscorvs4000_softwareMatch3.14.0s

ciscorvs4000_softwareMatch3.14.1s

ciscorvs4000_softwareMatch3.14.2s

ciscorvs4000_softwareMatch3.14.3s

ciscorvs4000_softwareMatch3.14.4s

ciscorvs4000_softwareMatch3.15.0s

ciscorvs4000_softwareMatch3.15.1s

ciscorvs4000_softwareMatch3.15.2s

ciscorvs4000_softwareMatch3.15.1cs

ciscorvs4000_softwareMatch3.15.3s

ciscorvs4000_softwareMatch3.15.4s

ciscorvs4000_softwareMatch3.3.0sq

ciscorvs4000_softwareMatch3.3.1sq

ciscorvs4000_softwareMatch3.4.0sq

ciscorvs4000_softwareMatch3.4.1sq

ciscorvs4000_softwareMatch3.5.0sq

ciscorvs4000_softwareMatch3.5.1sq

ciscorvs4000_softwareMatch3.5.2sq

ciscorvs4000_softwareMatch3.5.3sq

ciscorvs4000_softwareMatch3.5.4sq

ciscorvs4000_softwareMatch3.5.5sq

ciscorvs4000_softwareMatch3.5.6sq

ciscorvs4000_softwareMatch3.5.7sq

ciscorvs4000_softwareMatch3.16.0s

ciscorvs4000_softwareMatch3.16.1s

ciscorvs4000_softwareMatch3.16.0as

ciscorvs4000_softwareMatch3.16.1as

ciscorvs4000_softwareMatch3.16.2s

ciscorvs4000_softwareMatch3.16.2as

ciscorvs4000_softwareMatch3.16.0bs

ciscorvs4000_softwareMatch3.16.0cs

ciscorvs4000_softwareMatch3.16.3s

ciscorvs4000_softwareMatch3.16.2bs

ciscorvs4000_softwareMatch3.16.3as

ciscorvs4000_softwareMatch3.16.4s

ciscorvs4000_softwareMatch3.16.4as

ciscorvs4000_softwareMatch3.16.4bs

ciscorvs4000_softwareMatch3.16.4gs

ciscorvs4000_softwareMatch3.16.5s

ciscorvs4000_softwareMatch3.16.4cs

ciscorvs4000_softwareMatch3.16.4ds

ciscorvs4000_softwareMatch3.16.4es

ciscorvs4000_softwareMatch3.16.6s

ciscorvs4000_softwareMatch3.16.5as

ciscorvs4000_softwareMatch3.16.5bs

ciscorvs4000_softwareMatch3.16.6bs

ciscorvs4000_softwareMatch3.17.0s

ciscorvs4000_softwareMatch3.17.1s

ciscorvs4000_softwareMatch3.17.2s

ciscorvs4000_softwareMatch3.17.1as

ciscorvs4000_softwareMatch3.17.3s

ciscorvs4000_softwareMatch3.17.4s

ciscorvs4000_softwareMatch16.1.1

ciscorvs4000_softwareMatch16.1.2

ciscorvs4000_softwareMatch16.1.3

ciscorvs4000_softwareMatch16.2.1

ciscorvs4000_softwareMatch16.2.2

ciscorvs4000_softwareMatch16.3.1

ciscorvs4000_softwareMatch16.3.2

ciscorvs4000_softwareMatch16.3.3

ciscorvs4000_softwareMatch16.3.1a

ciscorvs4000_softwareMatch16.3.4

ciscorvs4000_softwareMatch16.3.5

ciscorvs4000_softwareMatch16.3.5b

ciscorvs4000_softwareMatch16.4.1

ciscorvs4000_softwareMatch16.4.2

ciscorvs4000_softwareMatch16.4.3

ciscorvs4000_softwareMatch16.5.1

ciscorvs4000_softwareMatch16.5.1a

ciscorvs4000_softwareMatch16.5.1b

ciscorvs4000_softwareMatch16.5.2

ciscorvs4000_softwareMatch16.5.3

ciscorvs4000_softwareMatch3.18.0as

ciscorvs4000_softwareMatch3.18.0s

ciscorvs4000_softwareMatch3.18.1s

ciscorvs4000_softwareMatch3.18.2s

ciscorvs4000_softwareMatch3.18.3s

ciscorvs4000_softwareMatch3.18.4s

ciscorvs4000_softwareMatch3.18.0sp

ciscorvs4000_softwareMatch3.18.1sp

ciscorvs4000_softwareMatch3.18.1asp

ciscorvs4000_softwareMatch3.18.1gsp

ciscorvs4000_softwareMatch3.18.1bsp

ciscorvs4000_softwareMatch3.18.1csp

ciscorvs4000_softwareMatch3.18.2sp

ciscorvs4000_softwareMatch3.18.1hsp

ciscorvs4000_softwareMatch3.18.2asp

ciscorvs4000_softwareMatch3.18.1isp

ciscorvs4000_softwareMatch3.18.3sp

ciscorvs4000_softwareMatch3.18.3asp

ciscorvs4000_softwareMatch3.18.3bsp

ciscorvs4000_softwareMatch16.6.1

ciscorvs4000_softwareMatch16.6.2

ciscorvs4000_softwareMatch16.7.1

ciscorvs4000_softwareMatch16.7.1a

ciscorvs4000_softwareMatch16.9.1b

CPENameOperatorVersion
cisco ios xe softwareeq3.7S
cisco ios xe softwareeq3.8S
cisco ios xe softwareeq3.9S
cisco ios xe softwareeq3.2SE
cisco ios xe softwareeq3.3SE
cisco ios xe softwareeq3.3XO
cisco ios xe softwareeq3.10S
cisco ios xe softwareeq3.11S
cisco ios xe softwareeq3.12S
cisco ios xe softwareeq3.13S

Name	Operator	Version
cisco ios xe software	eq	3.7S
cisco ios xe software	eq	3.8S
cisco ios xe software	eq	3.9S
cisco ios xe software	eq	3.2SE
cisco ios xe software	eq	3.3SE
cisco ios xe software	eq	3.3XO
cisco ios xe software	eq	3.10S
cisco ios xe software	eq	3.11S
cisco ios xe software	eq	3.12S
cisco ios xe software	eq	3.13S