Command injection

2017-07-0400:29:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.1.28i.BASE 6.2.1.22i.BASE 6.1.32.8i.BASE 6.1.31.3i.BASE 6.1.3.10i.BASE.

CPENameOperatorVersion
ios_xreq6.0.2
ios_xreq6.0.2.01

CPE	Name	Operator	Version
	ios_xr	eq	6.0.2
	ios_xr	eq	6.0.2.01

References

www.securityfocus.com/bid/99213

www.securitytracker.com/id/1038741

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios