A command injection vulnerability exists in the CLI of Cisco IOS XR Software, a unique self-healing and self-defending operating system that not only supports 24x7 operations, but also allows for continuous expansion and addition of new services or features. The vulnerability stems from a program that does not properly validate command parameters. An attacker could use this vulnerability to access the underlying root shell of the affected device and execute arbitrary commands as root.