Lucene search

CiscoCISCO-SA-WEBUI-CMDIJ-FZZAEXAY

HistorySep 27, 2023 - 4:00 p.m.

Cisco IOS XE Software Web UI Command Injection Vulnerability

2023-09-2716:00:00

tools.cisco.com

cisco ios xe

web ui

command injection

vulnerability

remote attacker

arbitrary commands

input validation

software update

cisco event response

EPSS

0.001

Percentile

32.6%

JSON

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.

Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy”]

This advisory is part of the September 2023 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74916”].

Affected configurations

Vulners

Node

ciscocisco_ios_xe_softwareMatch16.12

ciscocisco_ios_xe_softwareMatch17.2

ciscocisco_ios_xe_softwareMatch17.3

ciscocisco_ios_xe_softwareMatch17.4

ciscocisco_ios_xe_softwareMatch17.5

ciscocisco_ios_xe_softwareMatch17.6

ciscocisco_ios_xe_softwareMatch17.7

ciscocisco_ios_xe_softwareMatch17.10

ciscocisco_ios_xe_softwareMatch17.8

ciscocisco_ios_xe_softwareMatch17.9

ciscocisco_ios_xe_softwareMatchany

ciscocisco_ios_xe_softwareMatch16.12.8

ciscocisco_ios_xe_softwareMatch16.12.4

ciscocisco_ios_xe_softwareMatch16.12.4a

ciscocisco_ios_xe_softwareMatch16.12.5

ciscocisco_ios_xe_softwareMatch16.12.6

ciscocisco_ios_xe_softwareMatch16.12.5a

ciscocisco_ios_xe_softwareMatch16.12.5b

ciscocisco_ios_xe_softwareMatch16.12.6a

ciscocisco_ios_xe_softwareMatch16.12.7

ciscocisco_ios_xe_softwareMatch16.12.9

ciscocisco_ios_xe_softwareMatch17.2.2

ciscocisco_ios_xe_softwareMatch17.2.3

ciscocisco_ios_xe_softwareMatch17.3.1

ciscocisco_ios_xe_softwareMatch17.3.2

ciscocisco_ios_xe_softwareMatch17.3.3

ciscocisco_ios_xe_softwareMatch17.3.1a

ciscocisco_ios_xe_softwareMatch17.3.1w

ciscocisco_ios_xe_softwareMatch17.3.2a

ciscocisco_ios_xe_softwareMatch17.3.1x

ciscocisco_ios_xe_softwareMatch17.3.1z

ciscocisco_ios_xe_softwareMatch17.3.3a

ciscocisco_ios_xe_softwareMatch17.3.4

ciscocisco_ios_xe_softwareMatch17.3.5

ciscocisco_ios_xe_softwareMatch17.3.4a

ciscocisco_ios_xe_softwareMatch17.3.6

ciscocisco_ios_xe_softwareMatch17.3.4b

ciscocisco_ios_xe_softwareMatch17.3.4c

ciscocisco_ios_xe_softwareMatch17.3.5a

ciscocisco_ios_xe_softwareMatch17.3.5b

ciscocisco_ios_xe_softwareMatch17.4.1

ciscocisco_ios_xe_softwareMatch17.4.2

ciscocisco_ios_xe_softwareMatch17.4.1a

ciscocisco_ios_xe_softwareMatch17.4.1b

ciscocisco_ios_xe_softwareMatch17.4.1c

ciscocisco_ios_xe_softwareMatch17.4.2a

ciscocisco_ios_xe_softwareMatch17.5.1

ciscocisco_ios_xe_softwareMatch17.5.1a

ciscocisco_ios_xe_softwareMatch17.5.1b

ciscocisco_ios_xe_softwareMatch17.5.1c

ciscocisco_ios_xe_softwareMatch17.6.1

ciscocisco_ios_xe_softwareMatch17.6.2

ciscocisco_ios_xe_softwareMatch17.6.1w

ciscocisco_ios_xe_softwareMatch17.6.1a

ciscocisco_ios_xe_softwareMatch17.6.1x

ciscocisco_ios_xe_softwareMatch17.6.3

ciscocisco_ios_xe_softwareMatch17.6.1y

ciscocisco_ios_xe_softwareMatch17.6.1z

ciscocisco_ios_xe_softwareMatch17.6.3a

ciscocisco_ios_xe_softwareMatch17.6.4

ciscocisco_ios_xe_softwareMatch17.6.1z1

ciscocisco_ios_xe_softwareMatch17.6.5

ciscocisco_ios_xe_softwareMatch17.6.5a

ciscocisco_ios_xe_softwareMatch17.7.1

ciscocisco_ios_xe_softwareMatch17.7.1a

ciscocisco_ios_xe_softwareMatch17.7.1b

ciscocisco_ios_xe_softwareMatch17.7.2

ciscocisco_ios_xe_softwareMatch17.10.1

ciscocisco_ios_xe_softwareMatch17.10.1a

ciscocisco_ios_xe_softwareMatch17.10.1b

ciscocisco_ios_xe_softwareMatch17.8.1

ciscocisco_ios_xe_softwareMatch17.8.1a

ciscocisco_ios_xe_softwareMatch17.9.1

ciscocisco_ios_xe_softwareMatch17.9.1w

ciscocisco_ios_xe_softwareMatch17.9.2

ciscocisco_ios_xe_softwareMatch17.9.1a

ciscocisco_ios_xe_softwareMatch17.9.1x

ciscocisco_ios_xe_softwareMatch17.9.1y

ciscocisco_ios_xe_softwareMatch17.9.2a

ciscocisco_ios_xe_softwareMatch17.9.1x1

ciscocisco_ios_xe_softwareMatchany

VendorProductVersionCPE
ciscocisco_ios_xe_software16.12cpe:2.3:a:cisco:cisco_ios_xe_software:16.12:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.2cpe:2.3:a:cisco:cisco_ios_xe_software:17.2:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.3cpe:2.3:a:cisco:cisco_ios_xe_software:17.3:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.4cpe:2.3:a:cisco:cisco_ios_xe_software:17.4:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.5cpe:2.3:a:cisco:cisco_ios_xe_software:17.5:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.6cpe:2.3:a:cisco:cisco_ios_xe_software:17.6:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.7cpe:2.3:a:cisco:cisco_ios_xe_software:17.7:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.10cpe:2.3:a:cisco:cisco_ios_xe_software:17.10:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.8cpe:2.3:a:cisco:cisco_ios_xe_software:17.8:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.9cpe:2.3:a:cisco:cisco_ios_xe_software:17.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_ios_xe_software	16.12	cpe:2.3:a:cisco:cisco_ios_xe_software:16.12:::::::*
cisco	cisco_ios_xe_software	17.2	cpe:2.3:a:cisco:cisco_ios_xe_software:17.2:::::::*
cisco	cisco_ios_xe_software	17.3	cpe:2.3:a:cisco:cisco_ios_xe_software:17.3:::::::*
cisco	cisco_ios_xe_software	17.4	cpe:2.3:a:cisco:cisco_ios_xe_software:17.4:::::::*
cisco	cisco_ios_xe_software	17.5	cpe:2.3:a:cisco:cisco_ios_xe_software:17.5:::::::*
cisco	cisco_ios_xe_software	17.6	cpe:2.3:a:cisco:cisco_ios_xe_software:17.6:::::::*
cisco	cisco_ios_xe_software	17.7	cpe:2.3:a:cisco:cisco_ios_xe_software:17.7:::::::*
cisco	cisco_ios_xe_software	17.10	cpe:2.3:a:cisco:cisco_ios_xe_software:17.10:::::::*
cisco	cisco_ios_xe_software	17.8	cpe:2.3:a:cisco:cisco_ios_xe_software:17.8:::::::*
cisco	cisco_ios_xe_software	17.9	cpe:2.3:a:cisco:cisco_ios_xe_software:17.9:::::::*