Input validation

2020-06-0318:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.6%

JSON

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.

CPENameOperatorVersion
ios_xeeq16.10.1
ios_xeeq16.12.1
ios_xeeq16.11.1
ios_xeeq16.11.197
ios_xeeq16.12.199
ios_xeeq16.12.1116
ios_xeeq16.12.1115
ios_xeeq16.12.197
ios_xeeq16.11.199
ios_xeeq16.11.198

Name	Operator	Version
ios_xe	eq	16.10.1
ios_xe	eq	16.12.1
ios_xe	eq	16.11.1
ios_xe	eq	16.11.197
ios_xe	eq	16.12.199
ios_xe	eq	16.12.1116
ios_xe	eq	16.12.1115
ios_xe	eq	16.12.197
ios_xe	eq	16.11.199
ios_xe	eq	16.11.198