Input validation

2020-06-0318:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.

CPENameOperatorVersion
ios_xeeq3.13.2115
ios_xeeq3.10.6115
ios_xeeq3.13.6115
ios_xeeq3.14.4115
ios_xeeq3.7.4101
ios_xeeq3.15.1-cs
ios_xeeq3.9.101
ios_xeeq3.13.4115
ios_xeeq16.2.1
ios_xeeq16.1.3

Name	Operator	Version
ios_xe	eq	3.13.2115
ios_xe	eq	3.10.6115
ios_xe	eq	3.13.6115
ios_xe	eq	3.14.4115
ios_xe	eq	3.7.4101
ios_xe	eq	3.15.1-cs
ios_xe	eq	3.9.101
ios_xe	eq	3.13.4115
ios_xe	eq	16.2.1
ios_xe	eq	16.1.3